Nissan: About 100,000 people in Australia, New Zealand affected by recent cyberattack

Jason Macuray
Japanese automaker Nissan said that the personal information of about 100,000 individuals in Australia and New Zealand was exposed during a cyberattack that the company reported in December.

Japanese automaker Nissan said that the personal information of about 100,000 individuals in Australia and New Zealand was exposed during a cyberattack that the company reported in December.

Nissan published new details of the investigation into the incident on Wednesday, stating that it has begun notifying the victims, which include customers, dealers and some current and former employees.

The total number of people might reduce “as contact details are validated and duplicated names are removed from the list,” the company said.

During the attack, the unknown threat actor gained unauthorized access to Nissan’s local IT servers. Since that time, Nissan said it has been working with government authorities in Australia and New Zealand, as well as external cyber experts to review the compromised data and understand the impact on affected individuals.

The type of compromised information will vary for each person, Nissan said. According to current estimates, up to 10% of individuals have had some form of government identification compromised. This includes approximately 4,000 Australian Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.

The remaining 90% of victims have had some other form of personal information impacted, including copies of loan-related transaction statements for loan accounts, employment or salary information, or general information such as dates of birth.

For those affected by the breach, Nissan will offer free credit monitoring and reimbursement where the replacement of government ID is recommended by the relevant issuing authority.

“We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause,” Nissan said.

In January 2023, Nissan warned thousands of its customers of its finance division about the potential leak of personal information through a third-party vendor.

Data from car companies and car insurance providers is typically in high demand among cybercriminals, with multiple threat actors and groups leaking stolen data on the dark web.

Earlier in November, another Japanese carmaker, Toyota, also suffered a cyberattack that targeted its European and African financial services department.

In September, nearly 15,000 accounts were raided at several large automakers’ websites to harvest important information about thousands of individual vehicles.

IndustryCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

New DOD cyber policy office opening soon, sources say

Next Post

Lazarus Group hackers appear to return to Tornado Cash for money laundering

Related Posts

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the
Avatar
Read More