Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Nissan’s Tokyo-based design studio, Creative Box, has allegedly been hit by a ransomware attack, according to threat actor claims.
Creative Box is a small Nissan design studio based in Harajuku that blurs “the line between art and design”, according to senior vice president of global design at Nissan, Alfonso Albaisa. The studio designs car concepts, production models and other Nissan projects.
Creative Box was listed on the dark web leak site of the Qilin ransomware gang, which claimed to have stolen just over four terabytes of data, including “3D design data, reports, photos, videos and various documents of Nissan automobiles”.
“While we have no intention of releasing all of this data yet, if Nissan refuses to acknowledge or ignore, it will.
“At that point, everyone, including competitors, will have access to detailed data at all of Nissan CBI projects,” it said.
So far, Nissan has not publicly acknowledged the breach claims.
Nissan has been the target of multiple cyber attacks over the last few years, having suffered three cyber attacks in late 2023 and 2024 alone.
On 5 December 2023, the Australian wing of the Japanese car company detected unauthorised access by a “malicious third party” on its IT systems. The company immediately launched an investigation.
In an update posted on its website, Nissan has said that roughly 100,000 people, including both customers and staff, had been affected and that it has begun the process of notifying them.
“We now know the list of affected individuals includes some of Nissan’s customers (including customers of our Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses), dealers, and some current and former employees,” it said.
“Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks.”
Months later, the Oceania call centre of Nissan was impacted by an OracleCMS data breach, which it had hired to manage calls following the earlier cyber attack.
“Regrettably, we became aware on 18 April [2024] that the external supplier we contracted to manage our dedicated cyber incident call centre, OracleCMS, was impacted by its own data breach that affected several of its clients, including Nissan,” Nissan Oceania said in a 21 May 2024 update on its incident page.
Around the same time, Nissan North America revealed that roughly 53,000 were affected in a separate cyber attack that occurred in November 2023.
Be the first to hear the latest developments in the cyber industry.
