March 13, 2024 at 03:32PM
Nissan’s Oceania-region corporate and finance offices experienced a ransomware attack on Dec. 5, compromising sensitive data of around 100,000 individuals in Australia and New Zealand. The breach includes government IDs and other personal information of Renault-Nissan-Mitsubishi Alliance customers. The nature of the attack and the perpetrators have not been disclosed, and suggestions for data protection methods have been offered.
Based on the meeting notes, it has been reported that a possible ransomware attack at Nissan has resulted in the exposure of personal information for around 100,000 individuals in Australia and New Zealand. This incident marks another in a series of cyberattacks against Nissan, with the most recent one occurring on Dec. 5 at its Oceania-region corporate and finance offices. The attackers were able to exfiltrate significant amounts of sensitive data, potentially affecting dealers, employees, and customers of the Renault-Nissan-Mitsubishi Alliance vehicles. Up to 10% of those affected have had government IDs stolen, including Medicare cards, driver’s licenses, passports, and tax file numbers. The remaining majority have lost other forms of personal information, such as employment and salary details, and dates of birth.
While Nissan has not publicly disclosed the nature or perpetrators of the attack, there are indications pointing toward a potential ransomware involvement. The Akira ransomware gang claimed to have stolen 100 gigabytes of data from Nissan’s Oceania division in late December. Additionally, concerns have been raised about the company’s lack of data-at-rest encryption technology.
Darren Williams, CEO and founder of Blackfog, has emphasized the importance of data security measures such as data-at-rest encryption and anti data exfiltration (ADX) tooling to mitigate the risk of extortion attacks. He highlighted that 92% of all attacks involve data exfiltration, underscoring the significance of addressing this issue.
As the executive assistant, it’s critical to convey the implications of this cyberattack and the potential need for enhanced data security measures within the organization. Additionally, it may be necessary to monitor for further updates from Nissan Oceania for clarification on the details of the attack.