cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

100k affected in Nissan Australia cyber attack

Nissan Australia has revealed that the data breach it suffered late last year has affected over 100,000 people.

user icon Daniel Croft
Thu, 14 Mar 2024
100k affected in Nissan Australia cyber attack
expand image

The incident was discovered on 5 December last year when the Australian wing of the Japanese car company detected unauthorised access by a “malicious third party” on its IT systems. The company immediately launched an investigation.

Now, in an update posted on its website, Nissan has said that roughly 100,000 people, including both customers and staff, had been affected and that it has begun the process of notifying them.

“We now know the list of affected individuals includes some of Nissan’s customers (including customers of our Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses), dealers, and some current and former employees,” it said.


“Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks.”

Despite the massive number, Nissan expects that the number of people affected may shrink due to duplicate listings.

Nissan said the data stolen by the hackers includes Medicare cards, driver’s licenses, passports, tax file numbers, transaction statements, dates of birth, and salary information.

“Current estimates are that up to 10 per cent of individuals have had some form of government identification compromised,” it added.

“The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licences, 220 passports, and 1,300 tax file numbers.

“The remaining 90 per cent of individuals being notified have had some other form of personal information impacted, including copies of loan-related transaction statements for loan accounts, employment or salary information, or general information such as dates of birth.”

While Nissan has not acknowledged the threat actor behind the breach, the attack was claimed by the Akira ransomware gang, which claimed to have stolen 100 gigabytes of data from the company.

“We’ve obtained 100GB of data of Nissan Australia,” the group wrote on 22 December.

“They seem not to be very interested in the data, so we will upload it for you within a few days. You will find docs with personal information of their employees in the archives and much other interested stuff like NDAs, projects, information about clients and partners etc.

“By the way, there is a notice on their website regarding investigation about possible personal information leakage, so we will confirm that with the data uploading.”

Akira is potentially set to have a big year of cyber crime in 2024, with the LockBit ransomware takedown earlier this year pushing skilled hackers towards the aforementioned threat group.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.