Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand, collectively known as Nissan Oceania, have started reaching out to individuals affected by a recent cyberattack that targeted its local operations.
The organization anticipates formally notifying approximately 100,000 individuals about the Nissan cyberattack in the coming weeks, although this number may be subject to adjustments as contact details are verified and duplicate entries are removed.
Acknowledging the distress and concern Nissan cyberattack may cause, the company extends its sincere apologies to the affected community.
The company is committed to promptly informing affected individuals about the specific information compromised, the support available to them, and steps they can take to mitigate risks such as identity theft, scams, or fraud.
“We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause. We are committed to contacting affected individuals as soon as possible to tell them what information was involved, how we are supporting them, and the steps they can take to protect themselves against the risk of harm, identity theft, scams, or fraud,” reads Nissan’s Official Statement.
Identifying Affected Stakeholders in the Nissan Cyberattack
The scope of those affected encompasses a range of stakeholders, including Nissan customers (including customers of Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM branded finance businesses), dealers, as well as current and former employees.
“The fact that around 10,000 were believed to have had seriously critical PII data stolen, such as driving licenses and Medicare cards, as a result of the Nissan cyberattack, is really quite concerning. The perpetrators of this attack managed to steal confidential data and will surely try to blackmail the victims endlessly for extortion purposes,” said Darren Williams, CEO and Founder of Blackfog.
“They were able to evade the security tools at the front door and remain hidden in the system of a multinational global brand for months, highlighting the sophistication of today’s cybercriminals. To really reduce the chance of data breaches, organizations need to look beyond perimeter defense and focus on securing the back door with anti data exfiltration solutions,” Williams added further.
The Nissan cyberattack, which occurred on December 5, 2023, involved a malicious third party gaining unauthorized access to the company’s local IT servers.
The compromised data varies for each individual, with initial estimates suggesting that up to 10% of those notified have had some form of government identification compromised. This includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers.
For the remaining 90% of individuals, other personal information such as loan-related transaction statements, employment or salary details, and dates of birth have been impacted.
Support Measures Implemented
Immediate actions were taken by the organization to contain the Nissan cyberattack, followed by prompt notifications to relevant government authorities, including the Australian and New Zealand national cyber security centers and privacy regulators.
Since the discovery of the cyber incident, Nissan has been collaborating closely with government agencies and external cyber forensic experts to assess the compromised data and understand its impact on individuals within the community.
Nissan has implemented several measures to assist affected individuals, including partnerships with reputable organizations such as IDCARE, Australia and New Zealand’s national identity and cyber support community service. IDCARE will provide expert guidance and support to impacted individuals, addressing concerns about potential misuse of personal information.
Additionally, free credit monitoring services will be provided through Equifax in Australia and Centrix in New Zealand to help individuals detect any fraudulent activity. Nissan will also reimburse the costs associated with replacing primary identity documents where advised by the relevant government agency.
To further support affected individuals, Nissan has established dedicated customer support lines in Australia and New Zealand, operational on weekdays from 7 am to 7 pm AEDT. These lines will provide assistance to those who have received notifications regarding the breach.
In addition to the support measures outlined, Nissan advises affected individuals to remain vigilant against potential threats by avoiding suspicious online activity, refraining from clicking on unfamiliar links or opening suspicious emails, and verifying the authenticity of communications received. It is recommended to update passwords regularly, use strong and unique passwords for different accounts, enable multi-factor authentication where available, and report any suspicious activities to relevant authorities.
Nissan remains committed to transparency and proactive engagement as it navigates through the aftermath of this cyber incident, prioritizing the welfare and security of its customers, partners, and employees.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.