Nissan North America (Nissan) suffered an information breach final 12 months when a menace actor focused the corporate’s exterior VPN and shut down programs to obtain a ransom.
The automobile maker found the breach in early November 2023 and found just lately that the incident uncovered private knowledge belonging to greater than 53,000 present and former staff.
“As shared during the Nissan Town Hall meeting on December 5, 2023, Nissan learned on November 7, 2023, that it was the victim of a targeted cyberattack. Upon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain, and successfully terminate the threat,” the corporate stated in a notification to impacted people.
Nissan disclosed that the menace actor focused its exterior VPN after which shut down sure firm programs earlier than asking for a ransom. The corporate notes that none of its programs had been encrypted in the course of the assault.
Working with exterior cybersecurity specialists, the corporate was capable of assess the scenario, comprise the incident, and terminate the menace.
The following investigation revealed that the hacker had accessed some recordsdata on native and community shares that contained largely enterprise data.
Nevertheless, on February 28 the corporate “identified certain personal information in the data primarily relating to current and former NNA [Nissan] employees including Social Security numbers.”
In an information breach notification to the Workplace of the Maine Lawyer Basic, the corporate states that the uncovered particulars included a private identifier (e.g. title) and social safety numbers, and that monetary particulars weren’t current within the recordsdata accessed by the menace actor.
Nissan notes that it’s not conscious of the uncovered knowledge having been misused.
To mitigate the chance of this knowledge publicity, although, Nissan enclosed directions for letter recipients on how they will enroll in a free-of-charge 24-month credit score monitoring and id theft safety service by means of Experian.
Nissan has been the goal of a number of safety incidents over the previous few years, which affected numerous divisions of the Japanese automobile producer.
In early December 2023, Nissan Oceania (Australia and New Zealand) introduced an investigation right into a cyberattack and potential knowledge breach. In March 2024, Nissan confirmed thaat Akira ransomware had stolen knowledge belonging to 100,000 of its prospects.
In January 2023, Nissan North America suffered an oblique breach when a third-party expertise service supplier uncovered the information of 17,988 prospects because of a poorly configured database.
Two years earlier than, Nissan North America left an uncovered Git server repository on-line utilizing default (admin/admin) credentials, exposing 20 GB of supply code for inner apps and instruments.
Nissan reacted by pulling the repository offline solely when it was notified by a researcher who noticed customers sharing the supply code through torrents.
