Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI).
This came in response to the Qilin ransomware group’s claims that they had stolen 4 terabytes of data from CBI, including 3D car design models, internal reports, financial documents, VR design workflows, and photos.
“On August 16, 2025, suspicious access was detected on the data server of Creative Box Inc. (CBI), a company contracted by Nissan for design work,” said a Nissan spokesperson to BleepingComputer.
“CBI immediately carried out emergency measures, such as blocking all access to the server, to mitigate the risk, and also reported the incident to the police.”
CBI is a Tokyo-based design studio, wholly owned by Nissan Motor Co. Ltd., established as a “think tank” that focuses on experimental and concept car designs.
Qilin ransomware added CBI to its extortion portal on the dark web on August 20, 2025, claiming to have stolen all design projects and threatening to make them public, giving competitors an edge.
The threat actors also published 16 photographs of the stolen data as proof of their claims, which depict 3D car designs, spreadsheets, documents, and car interior images.

Source: BleepingComputer
Nissan states that an investigation into the incident is currently underway, but it has already verified a data breach.
“Currently, a detailed investigation is underway, and it has been confirmed that some design data has been leaked,” said Nissan.
“Nissan and CBI will continue the investigation and take appropriate measures as needed.”
The Japanese automaker also clarified that the leaked data only impacts Nissan, which is the sole customer of CBI. Hence, the stolen data does not expose clients, contractors, or any other companies or individuals beyond Nissan.
Qilin ransomware has been very active this year, claiming high-profile victims such as the Lee Enterprises publishing group and the pharmaceutical firm Inotiv.
The threat actors have been linked to the exploitation of the Kickidler employee monitoring tool and two Fortinet vulnerabilities (CVE-2024-21762, CVE-2024-55591), which enabled them to remotely execute code on devices without authentication.




