iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Japanese car manufacturer Nissan has confirmed that the data breach its Australian and New Zealand subsidiary suffered in December resulted in customer data being accessed.
The incident occurred on 5 December, resulting in outages in customer services and other dealer systems. Just over two weeks later, the company confirmed that its systems were accessed by an “unauthorised third party”, saying that it had launched an investigation to determine what data had been impacted.
Now, Nissan Australia has confirmed that customer data was accessed by a third party and has begun an investigation as to what information was accessed.
“We are now aware that some data was accessed in the incident and posted on the dark web,” said Nissan.
“We are working urgently with our global incident response team and cyber forensic experts to understand what information was accessed and the types of information that was posted on the dark web.
“Where we identify customer data has been accessed in a manner which gives rise to a risk of serious harm, we will contact you in accordance with our legal obligations, including to let you know what information was involved and what support is available to you.”
Nissan Australia added that it has informed law enforcement and government bodies of the incident.
“We have already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre, and the relevant privacy regulators and law enforcement bodies, and we are keeping them updated on our investigation,” said Nissan.
“We are deeply sorry for any concerns this has caused for those who have been impacted.”
While the group did not reveal the nature of the incident or mention the name of the threat actor behind the breach, further investigation by Cyber Daily through threat feeds has linked the incident to the Akira ransomware gang.
Upon further investigation, the ransomware group claimed on its dark web leak site that it had stolen data from Nissan Australia, including personal information belonging to employees.
“We’ve obtained 100GB of data of Nissan Australia,” the group wrote on 22 December.
“They seem not to be very interested in the data, so we will upload it for you within a few days. You will find docs with personal information of their employees in the archives and much other interested stuff like NDAs, projects, information about clients and partners etc.
“By the way, there is a notice on their website regarding investigation about possible personal information leakage, so we will confirm that with the data uploading.”
Be the first to hear the latest developments in the cyber industry.
