A possible ransomware attack at Nissan has exposed personal information belonging to around 100,000 people in Australia and New Zealand.
The Japanese vehicle manufacturer has a troubled history with cyberattacks, dating back well over a decade.
It has variously suffered a source code leak, a proof-of-concept exploit affecting its electric vehicles, and a data breach affecting more than 1 million customers.
Most recently, on Dec. 5, hackers obtained access to IT systems at Nissan's Oceania-region corporate and finance offices.
The incident was rapidly addressed, the company wrote in an update on March 13, but not before the perpetrators exfiltrated significant amounts of sensitive data.
Dealers, some current and former employees, and customers of Renault-Nissan-Mitsubishi Alliance vehicles can expect formal notices of compromise in the coming weeks.
Up to 10% of them have had at least one form of government ID stolen - 4,000 Medicare cards, 7,500 driver's licenses, 220 passports, and 1,300 tax file numbers - and the remaining majority have lost other forms of personal information, such as copies of loan-related transaction statements, employment and salary information, and more general information like dates of birth.
Nissan hasn't revealed the nature or perpetrators of its attack.
It's notable that late last December the Akira ransomware gang claimed to have stolen 100GB of data from the company's Oceania division.
Dark Reading has reached out to Nissan Oceania for clarification on this point but has not yet received a reply.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 13 Mar 2024 19:30:28 +0000