Another Instance of Nissan Data Breach: 100K People Affected Across New Zealand and Australia

Nissan, the Japanese car manufacturing company, experienced a mind-boggling ransomware attack on December 5, 2024, resulting in a complete frenzy across Australia and New Zealand. This is not the first time that Nissan has come under the radar of cybercriminals. Earlier, this automobile company faced attacks such as proof of concept exploitation, source code leak issues, and data breach cases. Apparently, the notorious Akira ransomware gang is the mastermind behind this cyber scam. They have claimed to have scraped a whopping 100GB of data.

The latest instance involves the Oceania region finance and corporate offices. Nissan Oceania is responsible for sales, distribution, marketing and services in New Zealand and Australia. The attack affected both the employees and the customer base of the Nissan, Renault, Mitsubishi, RAM, Infiniti, and LDV brands.

The cybercriminals managed to access sensitive data such as 7500 driver’s licenses, 4000 medicare cards, 1300 tax file numbers, and 220 passports. Fraudsters also managed to access copies of loan transaction details, salary and employment-related data.

Nissan’s authority responded swiftly by alerting the relevant departments, clients, and employees about the cyber attack. They took apt measures to limit the impact of the malicious attack. They have advised the customers to keep an eye on possible scams and suspicious online activities.

Their formal plans involve notifying the impacted 100,000 individuals about the data breach incident. Nissan has also been working hand in hand with the cyber forensic departments and government authorities.

Nissan has apologised sincerely for any and every kind of distress caused by this cyber attack. To compensate the loss, Nissan has promised to offer a year long free credit to the affected customer base across Australia and New Zealand. They are working with Equifax and Centrix to carry out the process seamlessly. 

Besides, those affected are also given the access to IDCARE services. IDCARE is dedicated to protect their exposed data from being misused by threat actors. Customers and employees who are required to replace their ID documents can also claim reimbursement for the expenses incurred. 

Image sourced from panzura.com

Gang Akira- The Mastermind Behind the Cyber Fiasco!

These cyber baddies have publicly put up the stolen data on their website. It appears that they are not really into the stolen data and all they want is to create a sense of unrest and panic.

Previously, Akira broke into the system of some of the biggies, such as the prestigious Stanford University and Lush, the cosmetics brand.

What the Affected Individuals Can Actually Do?

Now that their sensitive data has been uploaded publicly on Akira’s website, the victims should:

• Not share their password details or OTP with anyone.
• Not click on any link in their email or SMS.
• Not give remote access to anyone for any purpose.
• Not believe anyone who claims to be calling from Nissan.
• Stay vigilant when it comes to their credit card and bank accounts.
• Keep an eye on online accounts and report the slightest instances of anomaly.

With an increasing grip of threat actors on big brands like Nissan, cybersecurity is gradually becoming a matter of concern for big companies as well as laymen. Implementing robust phishing protection solutions can significantly reduce this risk. These solutions use advanced detection algorithms to identify and neutralize phishing threats, thereby providing an essential layer of ransomware protection.