Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation.
In early December, the Japanese automaker’s regional division covering distribution, marketing, sales, and services in Australia and New Zealand announced it was investigating a cyberattack on its systems.
A data breach was not confirmed then, but Nissan suggested that its customers be vigilant across their accounts and look out for potential scam attempts.
Two weeks later, the Akira ransomware gang took responsibility for the attack and claimed it had stolen 100GB of data, including documents containing personal employee information, NDAs, project data, and information on partners and clients.
Nissan’s latest update confirms some of Akira’s claims, admitting that hackers stole data on some current and former employees, as well as customers of Nissan, Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM dealerships in the region.
“Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks,” reads Nissan’s updated statement.
“This number might reduce as contact details are validated and duplicated names are removed from the list.”
Up to 10% of these individuals had government identification compromised, including Medicare cards, driver’s licenses, passports, and tax file numbers.
“The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised,” continues Nissan’s statement.
“The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.”
The remaining 90% had other personal information impacted, such as loan-related documents, employment details, and dates of birth.
Nissan promised to notify impacted customers individually to inform them exactly what information was exposed, what they can do, and what forms of support are available.
Unfortunately, Akira has already leaked the stolen data through its extortion page on the dark web.
To support impacted customers, Nissan provides free access to IDCARE, free credit monitoring services through Equifax in Australia and Centrix in New Zealand, and reimbursement for the replacement of compromised government IDs.
The automaker also advises customers to remain vigilant for suspicious activity on their accounts and to report it to the authorities, enable multi-factor authentication where possible, and update passwords regularly.