Nissan Oceania, the Australian and New Zealand division of the Japanese car manufacturer Nissan, has recently announced that they fell victim to a ransomware cyber attack by Akira in December 2023, resulting in the exposure of data of 100,000 individuals.
The incident first came to light in early December when Nissan’s distribution, marketing, sales, and service division in Australia and New Zealand disclosed that they were investigating a cyber attack on their internal network systems. Although initial reports did not confirm a data breach, Nissan still advised its customers to remain vigilant and guard against potential fraudulent attempts on their accounts.
Two weeks later, the Akira ransomware group took responsibility for the cyber attack and claimed to have stolen 100GB of Nissan’s data, including personal information of employees, NDA documents, project data, as well as information on partners and customers.
Nissan has now admitted that the Akira ransomware group accessed data of current and former employees, as well as customer data from Nissan, Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM dealers in the region.
In a recent statement, Nissan revealed that they expect to officially notify approximately 100,000 individuals about the network breach in the coming weeks. It is pertinent to note that each affected individual had different types of information stolen, with up to 10% having their government identity information compromised, including medical insurance cards, driver’s licenses, passports, and tax file numbers. The remaining 90% had their loan-related documents, employment details, and birthdates exposed to the threat actors.
Nissan has pledged to individually notify the affected customers, detailing the information that was exposed, the actions they can take, and the forms of support available. Unfortunately, the Akira ransomware group has already leaked the stolen data on their ransom page on the dark web.
To assist those impacted, Nissan is offering free access to IDCARE services and providing free credit monitoring through Equifax in Australia and Centrix in New Zealand. Additionally, they will reimburse the costs for replacing compromised government identity documents.
Lastly, Nissan advises customers to remain vigilant for any suspicious activity on their accounts, report any concerns to authorities, enable multi-factor authentication where possible, and regularly update their passwords.
For more information, visit the source article from BleepingComputer: [Nissan confirms ransomware attack exposed data of 100,000 people](https://www.bleepingcomputer.com/news/security/nissan-confirms-ransomware-attack-exposed-data-of-100-000-people/)