Nissan North America suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
The car maker discovered the breach in early November 2023 and discovered recently that the incident exposed personal data belonging to more than 53,000 current and former employees.
Nissan disclosed that the threat actor targeted its external VPN and then shut down certain company systems before asking for a ransom.
The company notes that none of its systems were encrypted during the attack.
Working with external cybersecurity experts, the company was able to assess the situation, contain the incident, and terminate the threat.
The subsequent investigation revealed that the hacker had accessed some files on local and network shares that contained mostly business information.
In a data breach notification to the Office of the Maine Attorney General, the company states that the exposed details included a personal identifier and social security numbers, and that financial details were not present in the files accessed by the threat actor.
Nissan notes that it is not aware of the exposed data having been misused.
To mitigate the risk of this data exposure Nissan enclosed instructions for letter recipients on how they can enroll in a free-of-charge 24-month credit monitoring and identity theft protection service through Experian.
Nissan has been the target of several security incidents over the past few years, which affected various divisions of the Japanese car manufacturer.
In early December 2023, Nissan Oceania announced an investigation into a cyberattack and potential data breach.
In March 2024, Nissan confirmed thaat Akira ransomware had stolen data belonging to 100,000 of its customers.
In January 2023, Nissan North America suffered an indirect breach when a third-party technology service provider exposed the data of 17,988 customers due to a poorly configured database.
Nissan North America left an exposed Git server repository online using default credentials, exposing 20 GB of source code for internal apps and tools.
Nissan reacted by pulling the repository offline only when it was notified by a researcher who spotted users sharing the source code via torrents.
DocGo discloses cyberattack after hackers steal patient health data.
Dropbox says hackers stole customer data, auth secrets from eSignature service.
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach.
UnitedHealth confirms it paid ransomware gang to stop data leak.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 15 May 2024 19:35:06 +0000