Nissan Oceania Breached; 100K People Affected Down Under

  /     /     /  
Publicated : 23/11/2024   Category : security


Nissan Oceania Breached; 100K People Affected Down Under


A possible ransomware attack has exposed government and personal data of Australians and New Zealanders, encompassing the carmakers customers, dealers, and employees.



A possible ransomware attack at Nissan has exposed personal information belonging to around 100,000 people in Australia and New Zealand.
The Japanese vehicle manufacturer has a troubled history with cyberattacks, dating back
well over a decade
. It has variously suffered a
source code leak
, a
proof-of-concept
exploit affecting its electric vehicles (EVs), and
a data breach
affecting more than 1 million customers.
Most recently, on Dec. 5, hackers obtained access to IT systems at Nissans Oceania-region corporate and finance offices. The incident was rapidly addressed, the company wrote in an
update on March 13
, but not before the perpetrators exfiltrated significant amounts of sensitive data.
Dealers, some current and former employees, and customers of Renault-Nissan-Mitsubishi Alliance vehicles (which includes those three brands, as well as Infiniti and others) can expect formal notices of compromise in the coming weeks. Up to 10% of them have had at least one form of government ID stolen — 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers — and the remaining majority have lost other forms of personal information, such as copies of loan-related transaction statements, employment and salary information, and more general information like dates of birth.
Nissan hasnt revealed the nature or perpetrators of its attack. Its notable, though, that late last December
the Akira ransomware gang
claimed to have stolen 100GB of data from the companys Oceania division.
Dark Reading has reached out to Nissan Oceania for clarification on this point but has not yet received a reply.
Whats really surprising to me about this one is that they dont have data-at-rest encryption technology running, says Darren Williams, CEO and founder of BlackFog. Thats a common thing to do these days — you really should have all that personal data encrypted on drives, so even if the bad guys do get in, theyre only getting encrypted data that they cant decrypt.
Besides encryption, he suggests, companies can protect against potential extortion attacks with anti-data exfiltration (ADX) tooling, because if youre not watching the data leaving your building, then you dont know whats being lost until its too late.
Ninety-two percent of all attacks actually involve data exfiltration, Williams emphasizes. Thats how big the problem is.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Nissan Oceania Breached; 100K People Affected Down Under