Nissan Oceania is notifying roughly 100,000 individuals of a data breach resulting from a ransomware attack conducted by a known cybercrime group in late 2023.
The carmaker said it detected an intrusion on December 5, 2023, and informed customers about a disruptive cyber incident the same day. The attack impacted Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand.
A few weeks later, the Akira ransomware group took credit for the attack, claiming to have stolen 100 Gb of information from the company, including corporate files and personal information.
The hackers have since published files allegedly stolen from Nissan systems, which suggests that the car manufacturer refused to give in to ransom demands.
In an update posted on Wednesday, Nissan Oceania said it has started contacting impacted individuals.
Following an investigation conducted with the aid of government authorities and external cybersecurity experts, the company has determined that the data breach impacts some Nissan customers, dealers, and current and former employees.
The customers of Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses are also affected.
Nissan estimates that roughly 100,000 people need to be notified, but the actual number might be smaller once contact details are validated and duplicate entries are removed from the list.
“The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers,” Nissan said.
“The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth,” it added.
Impacted individuals are being offered free identity theft and credit monitoring services, and Nissan is reimbursing those who need to replace their government ID due to the incident.
Related: Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive
Related: Nissan Canada Informs 1.1 Million Customers of Data Breach
Related: 25k Nissan Customers Affected by Data Breach at Third-Party Software Developer