Thousands of Nissan customers have had their data stolen in cyberattack

News
By Sead Fadilpašić
published

Japanese carmaker is notifying affected individuals

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

The cyberattack on Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand, which happened in December 2023 resulted in the theft of sensitive data belonging to roughly 100,000 people, the company has confirmed.

In an update posted on its website Nissan said it had started notifying affected individuals, with data stolen from customers, current and former employees, as well as some dealers. 

Customers include owners of Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM brands, the company noted.

No news on the attackers

Not all people have had the same types of information stolen. At the moment, Nissan believes that roughly 10% of the victims have had “some form of government identification” compromised. That includes 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers. 

For the remaining 90%, other personal information was obtained, including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.

“We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause,” Nissan said.

In early December last year, Japanese car manufacturing giant said it was investigating a possible data breach, and warned customers to be wary of potential scam emails and messages delivering malware. In a brief notification published on the Nissan Oceania websites at the time, it was said that the Australian and New Zealand Corporation and Financial Services suffered a “cyber incident”. 

This division handles distribution, marketing, sales, and services, in the above mentioned countries.

The company did not discuss the type of the attack, or the identity of the threat actors behind it. Given that the company’s systems operated normally throughout the incident, it would seem that this was not a ransomware attack.

Nissan is said to be working with relevant authorities, and will be offering affected people identity theft and credit monitoring and protection through IDCARE, Equifax, and Centrix.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.