The notorious Everest ransomware group claims to have breached Nissan Motor Corporation (Nissan Motor Co., Ltd.), the Japanese multinational automobile manufacturer.
The group published its claims on its dark web leak site on January 10, 2026, sharing six screenshots allegedly taken from the stolen data. They also revealed a directory structure showing ZIP archives, text files, Excel sheets, and CSV documents.
Based on the leaked screenshots published by the Everest ransomware group, the material appears to include directory structures and internal records allegedly linked to Nissan. The folder views show organized internal file storage containing reports, data extracts, and dealership-related documentation. File formats visible include .csv, .txt, .pgp, and .xls, suggesting a range of structured data types likely used for reporting, analysis, or internal communication.
Some files are labeled with references to specific programs, dealership information, certification reports, and claims processing. One screenshot includes a spreadsheet listing dealership names, addresses, cities, and state details, potentially linked to regional operations or incentive programs. Other directories include what look like financial records, audit reports, and system folders used in everyday operations.
While no sensitive personal data is shown in the screenshots themselves, the folder names and file types imply access to operational systems and documents that could be used to map internal processes or extract more sensitive information.
The group has given Nissan five days to respond, or the allegedly stolen data will be leaked online.
Nissan and Cybersecurity
Nissan is no stranger to cybersecurity incidents. In August 2025, the Qilin ransomware group claimed to have stolen 4TB of data from Nissan CBI (Creative Box Inc.), a Tokyo-based design subsidiary of Nissan Motor Co., Ltd.
In March 2024, Nissan confirmed that hackers had stolen the personal details of over 100,000 employees and customers following a data breach in December 2023. The incident affected both Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand.
Back in January 2021, Nissan’s source code was leaked due to a misconfigured Git server. The server had been secured using default login credentials – “admin” as both username and password.
Everest and High-Profile Data Breaches
Everest ransomware was one of the most active ransomware groups in 2025, and it appears to be continuing that momentum in 2026. So far, the group has claimed attacks on major organizations, including ASUS, Chrysler, Iberia Airlines, Under Armour, Petrobras, AT&T, Dublin Airport, and others.
As of now, Nissan has not publicly responded to the claims. Whether the data will be released or quietly handled behind the scenes remains to be seen. What’s certain is that groups like Everest are keeping steady pressure on large companies, testing the limits of their security and response.
(Photo by Frank Albrecht on Unsplash)