Nissan has officially confirmed that after suffering a data breach last December 5, 2023, the alleged ransomware attack has affected a total of 100,000 customers, employees, and dealers. An estimated 10% of the affected individuals could have had their data compromised, potentially exposing sensitive information.
Specifically, the December data breach affected Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand. The data breach was reportedly claimed by the ransomware group Akira, which also threatened to expose the stolen material unless a ransom was paid. Customers were informed by Nissan of the "disruptive incident" that same month, although important information regarding data exfiltration was not verified until recently.
Akira reportedly boasted of having stolen an astounding 100 gigabytes of data, including company files and employee personal information.
(Photo : YUICHI YAMAZAKI/AFP via Getty Images)
This picture taken on November 5, 2022 shows the logo of Japanese automaker Nissan Motor displayed at the company's head office in Yokohama. - The automaker is expected to announce second quarter results on November 9, 2022.
The manufacturer said that they will formally inform almost 100,000 people about the cyber intrusion throughout the following few weeks. The company did clarify, though, that the number might decrease if duplicate names are removed from the list and contact information is checked.
It is said that each impacted person would have unique compromised data. Current estimates suggest that up to 10% of people may have had their government identity compromised. Among the exposed data are around 7,500 driver's licenses, 220 passports, 1,300 tax file numbers, and 4,000 Medicare cards.
90 percent of the individuals who were not contacted had some additional type of personal information affected. This could include copies of loan-related transaction statements for loan accounts, information about work or salary, or basic details like dates of birth.
According to reports, the affected individuals include dealers, some current and former employees, and consumers of the company's finance operations branded under the Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM brands in addition to some of Nissan's clients.
Read Also: Nissan, Mitsubishi to Continue Partnership With Renault, Investing Millions in Its EV Unit Ampere
Nissan's Response
In addition to delivering free identity theft and credit services, the company is improving cybersecurity safeguards to stop such events in the future and extending support services to those who have been impacted.
Customers are advised by Nissan to exercise caution and stay alert when responding to any shady emails, calls, or texts. The company also advised to keep an eye out for any unusual behavior on financial records and remain vigilant on fraud alert on credit reports.
Automaker's Cyberattacks Vulnerability
Cyberattacks against automakers have long been a concern by several experts. An August 2023 study by Kaspersky notes that the continued technological integration of infotainment systems in automobiles is the main concern regarding automakers' cybersecurity.
According to the study, the number of automotive hacker incidents is still increasing annually at a rapid rate, with the majority of this growth being caused by an increase in hacking activities. A further noteworthy development is the increase in remote hacking, which includes both web-based and local wireless attacks.
Kaspersky claims that the likelihood of not only hijacking a car but also getting access to the entire vehicle network has grown as more cars become internet-enabled. As consumers become more accustomed to the convenience of connectivity, this tendency is predicted to continue.
Related Article: Mazda EVs Not Yet Coming Now, 'Demand is Uncertain' says CEO-Coming this 2030?
