Nissan North America (Nissan) suffered a data breach final yr when a risk actor focused the corporate’s exterior VPN and shut down techniques to obtain a ransom.
The automotive maker found the breach in early November 2023 and found just lately that the incident uncovered private information belonging to greater than 53,000 present and former workers.
“As shared through the Nissan City Corridor assembly on December 5, 2023, Nissan realized on November 7, 2023, that it was the sufferer of a focused cyberattack. Upon studying of the assault, Nissan promptly notified regulation enforcement and commenced taking fast actions to research, comprise, and efficiently terminate the risk,” the corporate stated in a notification to impacted people.
Nissan disclosed that the risk actor focused its exterior VPN after which shut down sure firm techniques earlier than asking for a ransom. The corporate notes that none of its techniques have been encrypted through the assault.
Working with exterior cybersecurity consultants, the corporate was capable of assess the scenario, comprise the incident, and terminate the risk.
The next investigation revealed that the hacker had accessed some information on native and community shares that contained largely enterprise data.
Nevertheless, on February 28 the corporate “recognized sure private data within the information primarily referring to present and former NNA [Nissan] workers together with Social Safety numbers.”
In a data breach notification to the Workplace of the Maine Legal professional Basic, the corporate states that the uncovered particulars included a private identifier (e.g. title) and social security numbers, and that monetary particulars weren’t current within the information accessed by the risk actor.
Nissan notes that it isn’t conscious of the uncovered information having been misused.
To mitigate the danger of this information publicity, although, Nissan enclosed directions for letter recipients on how they’ll enroll in a free-of-charge 24-month credit score monitoring and id theft safety service by means of Experian.
Nissan has been the goal of a number of security incidents over the previous few years, which affected numerous divisions of the Japanese automotive producer.
In early December 2023, Nissan Oceania (Australia and New Zealand) introduced an investigation right into a cyberattack and potential data breach. In March 2024, Nissan confirmed thaat Akira ransomware had stolen information belonging to 100,000 of its clients.
In January 2023, Nissan North America suffered an oblique breach when a third-party expertise service supplier uncovered the info of 17,988 clients as a result of a poorly configured database.
Two years earlier than, Nissan North America left an uncovered Git server repository on-line utilizing default (admin/admin) credentials, exposing 20 GB of supply code for inner apps and instruments.
Nissan reacted by pulling the repository offline solely when it was notified by a researcher who noticed customers sharing the supply code by way of torrents.
