Attackers claim they hacked Nissan's design studio and stole 4TB of data

News
By published

Qilin claims another victim, threatens to release valuable information online

Nissan Titan
(Image credit: Nissan)
  • Qilin adds Nissan Creative Box to its data leak site
  • It claims to have taken more than 4TB of sensitive files
  • It's like stealing an invention from an inventor, researchers claim

Nissan Creative Box, the creative arm of the Japanese multinational automobile manufacturer, was hit with a ransomware attack recently, and lost plenty of sensitive data in the incident.

Given the nature of Creative Box’s work, the stolen data could hurt the company and dull its competitive blade, if released to the wild, experts have said.

The company is a specialized satellite design studio forming part of Nissan’s global design network. Established in 1987 to be a creative sandbox for emerging designers, where they can create bold concepts that usually stray away from mainstream car design, it is often described as Nissan’s “design think tank”, as it does not churn out large volumes of visible work, but still retains a significant role within the network.

Design data, photos, videos

Now, Cybernews reports the company’s name was added to Qilin’s data leak site, suggesting that it suffered a ransomware attack and a data breach. The group claims to have stolen more than 400,000 files, totalling more than 4TB.

“The 4TB of data we copied includes 3D design data, reports, photos, videos, and various documents of Nissan automobiles,” the group allegedly wrote on its site.

"While we have no intention of releasing all of this data yet, if Nissan refuses to acknowledge or ignore, it will. At that point, everyone, including competitors, will have access to detailed data of all Nissan CBI projects," it said.

While personally identifiable information (PII) on thousands of people is valuable for criminals interested in phishing, identity theft, or wire fraud, this type of information can cause a different type of pain. For Mantas Sabeckis, Information Security Researcher at Cybernews, the attack is “similar to stealing an invention from the inventor.”.

Qilin has been among the most active ransomware groups in 2025 so far, as in the past year, Cybernews claims the group struck almost 500 organizations, with 401 taking place since January 2025.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.