Nissan Oceania’s Data Breach Leaves 100,000 Individuals Exposed

by | Mar 15, 2024 | News

Post Views: 132

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 3 Minutes

Nissan Oceania has issued a warning following a data breach affecting approximately 100,000 individuals, stemming from a cyberattack in December 2023 attributed to the Akira ransomware operation.

The Japanese automaker’s regional division, responsible for distribution, marketing, sales, and services in Australia and New Zealand, launched an investigation into a cyberattack on its systems early in December.

While initial reports did not confirm a data breach, Nissan urged caution among its customers, advising heightened vigilance across their accounts to thwart potential scam attempts.

Subsequently, the Akira ransomware group claimed responsibility for the attack two weeks later, asserting that they had pilfered 100GB of data, including documents containing personal employee information, non-disclosure agreements (NDAs), project data, and details concerning partners and clients.

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses

Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

A recent update from Nissan substantiates some of Akira’s assertions, acknowledging that hackers accessed data pertaining to certain current and former employees, as well as customers of Nissan, Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM dealerships in the region.

Nissan’s latest statement reveals plans to formally notify approximately 100,000 individuals affected by the cyber breach in the ensuing weeks, with the possibility of this figure diminishing as contact details undergo validation and duplicate entries are rectified.

Shockingly, up to 10% of these individuals had their government identification compromised, including Medicare cards, driver’s licenses, passports, and tax file numbers, with varying types of information exposed for each person.

The dataset comprises roughly 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers, posing a significant concern for those affected.

The remaining 90% of impacted individuals had other personal information compromised, encompassing loan-related documents, employment details, and dates of birth.

In response to the breach, Nissan pledges to notify affected customers individually, providing precise details regarding the exposed information, available recourse, and support options.

Regrettably, Akira has already disseminated the pilfered data through its extortion page on the dark web, exacerbating the repercussions of the breach.

Akira

To assist affected customers, Nissan offers complimentary access to IDCARE, free credit monitoring services through Equifax in Australia and Centrix in New Zealand, and reimbursement for the replacement of compromised government IDs.

Furthermore, the automaker advises customers to remain vigilant for suspicious activity on their accounts, report any anomalies to the authorities, implement multi-factor authentication wherever feasible, and regularly update passwords to bolster their security posture.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link