Nissan Confirms Data Breach on North America Subsidiary, Employee Social Security Numbers Exposed

The company has notified thousands of former and current employees.

Nissan has confirmed that a data breach by a bad actor had occurred within Nissan North America, reportedly compromising critical information of 53,000 former and current employees.

Bleeping Computer reports that Nissan revealed that the threat actor attacked its external VPN, shut down a few corporate systems, and demanded a ransom. The business states that none of its systems were encrypted during the attack.

The business was able to evaluate the situation, control the problem, and eliminate the threat by collaborating with outside cybersecurity specialists.

Following an inquiry, it was discovered that the hacker had gained access to a few files on network and local drives, most of which contained business-related data.

However, on February 28, the business discovered some private information, including Social Security numbers, in the data, mostly about present and past NNA [Nissan] employees.

JAPAN-AUTOMOBILE-BUSINESS-HONDA-NISSAN
Makoto Uchida, president and CEO of Nissan, attends a joint press conference with Toshihiro Mibe (not pictured), Honda director, president and representative executive officer in Tokyo on March 15, 2024. PHILIP FONG/AFP via Getty Images

(Photo: PHILIP FONG/AFP via Getty Images) Makoto Uchida, president and CEO of Nissan, attends a joint press conference with Toshihiro Mibe (not pictured), Honda director, president, and representative executive officer in Tokyo on March 15, 2024.

Attacks known as ransomware, in which online thieves take down a target's computer systems or steal data, then demand payment to get the system working again, are becoming more frequent.

According to a cybersecurity expert, the hacker could access the company's VPN by most likely obtaining a password or multi-factor authentication token from a current Nissan employee.

Erich Kron, a cybersecurity awareness advocate at KnowBe4, said that while it is regrettable that personal information was compromised in the intrusion, Nissan made the right decision by investigating further and disclosing the new information.

According to Kron, in this scenario, focusing on the VPN would frequently enable malevolent actors to elude discovery and circumvent numerous organizational security measures.

Read Also: France Open to BYD Factory: Chinese Automaker Considers European Expansion

Compromised Nissan Employee Information

The organization reports a data breach to the Office of the Maine Attorney General, stating that the information exposed consisted of social security numbers and personal identifiers (such as names) and that the threat actor did not have access to any financial information.

Nissan said it does not know of any misuse of the disclosed data. To reduce the possibility of this data exposure, however, Nissan sent letter recipients instructions on how to sign up for complimentary 24-month credit surveillance and protection from identity theft program via Experian

Nissan Data Breaches

This data breach follows just a few months after Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand were hit by a data breach last December. The ransomware organization Akira reportedly claimed credit for the data breach and threatened to reveal the stolen documents unless a ransom was paid.

Nissan notified its customers about the "disruptive incident" that same month, but crucial details about data exfiltration have not been confirmed until now. Akira allegedly boasted of taking an incredible 100 terabytes of data, including employee personal information and company documentation.

It is claimed that each affected individual would have had specific data compromised during this data breach. According to current estimates, up to 10% of people may have had their government identity hacked.

Ninety percent of the people who were not contacted had more personal information compromised. This could include basic information like dates of birth, information about employment or salary, or copies of loan-related transaction statements for loan accounts.

ChatGPT Privacy Guide: Here Are Some Tips to Protect Your Data in OpenAI's Chatbot
Here are some tricks that you can do to have more privacy when using OpenAI's ChatGPT. Tech Times

(Photo: Tech Times)

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics