HQ/EMEAFind out how we can help your business
In a recent statement last March 13, 2024, Nissan Oceania revealed the result of a cyberattack that struck its systems in December 2023. The attack, attributed to the Akira ransomware operation, has resulted in a significant data breach impacting approximately 100,000 individuals. This breach has raised concerns not only for the automaker but also for its customers across Australia and New Zealand.
Initially, the Japanese automaker’s regional division refrained from confirming a data breach but urged caution among its customers, hinting at potential security risks. However, the situation took a more serious turn when the Akira ransomware gang claimed responsibility for the attack, boasting about the theft of 100GB of data. This data trove included numerous sensitive information such as personal employee details, NDAs, project data, and records of partners and clients.
Among those affected are customers of Nissan, Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM dealerships in the region. Nissan’s latest update acknowledges the severity of the breach, confirming that data on both current and former employees, as well as customers, has been compromised.
The Nissan data breach compromises vital documents and personal information of all affected individuals.
Up to 10% of those affected have had their government identity stolen, which is very concerning since this includes important documents like Medicare cards, driver’s licenses, passports, and tax file numbers. For the remaining 90%, additional personal data has been made public, including dates of birth, job information, and loan-related documentation.
Nissan has pledged to inform each affected customer individually, detailing the specific information that has been compromised and offering guidance on protective measures. However, the situation is worsened by the fact that the stolen data has already been leaked on the dark web, raising concerns about potential misuse.
In response to the breach, the automaker is providing support to affected customers, including access to IDCARE for assistance, free credit monitoring services through Equifax in Australia and Centrix in New Zealand, as well as reimbursement for the replacement of compromised government IDs.
To mitigate further risks, Nissan advises customers to remain vigilant for any suspicious activity, enable multi-factor authentication wherever possible, and regularly update their passwords. Despite these measures, the incident underscores the persistent threat posed by cyberattacks and the critical importance of robust cybersecurity measures in safeguarding sensitive data.
