Nissan breach exposed data of 100,000 individuals
Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them.
First response
In early December 2023, the company – a regional Nissan division which includes Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand – revealed that an unauthorized third party accessed its local IT servers and caused downtime.
“We took immediate action to contain the breach, and promptly alerted the relevant government authorities, including the Australian and New Zealand national cyber security centres and privacy regulators,” the company noted.
At the time, they couldn’t confirm the extent nor the type of incident, but a few weeks later, the Akira ransomware group claimed responsibility for the attack and leaked data supposedly stolen from the company.
The company then urged customers to be on the lookout for unusual activities and possible scams while they continued the investigations in collaboration with government authorities and external cyber forensic experts.
The extent of the Nissan data breach
On Wednesday, the company confirmed that the breach affected some current and former employees, dealers and customers, including Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses.
“Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks. This number might reduce as contact details are validated and duplicated names are removed from the list,” the company said.
An estimated 10% of these individuals have had “some form of government identification compromised”, including:
- 4,000 Medicare cards
- 7,500 driver’s licenses
- 220 passports
- 1,300 tax file numbers
The impacted personal information of the remaining 90% includes copies of loan-related documents, employment or salary information, and personal information such as dates of birth.
To assist affected individuals, the company offered access to IDCARE (Australia and New Zealand’s national identity and cyber support community service), free credit monitoring, and will reimburse the cost of ID replacement (if needed).