The cyberattack on Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand, which took place in December 2023, resulted in the theft of sensitive data of approximately 100,000 people, the company has confirmed.
In an update on its website, Nissan said it had begun notifying affected individuals, with data stolen from customers, current and former employees, as well as some dealers.
Customers include owners of the Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM brands, the company said.
No news about the attackers
Not all people have the same type of information stolen. Currently, Nissan believes that approximately 10% of victims have had “some form of government identification” compromised. That includes 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.
For the remaining 90%, other personal information was obtained, including copies of loan-related transaction statements for loan accounts, employment or salary information, or general information such as dates of birth.
“We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or inconvenience this may cause,” Nissan said.
In early December last year, the Japanese automaker said it was investigating a possible data breach, and warned customers to be wary of possible scam emails and messages containing malware. A brief statement published on Nissan Oceania’s websites at the time said the Australian and New Zealand Corporation and Financial Services had suffered a “cyber incident”.
This division provides distribution, marketing, sales and services in the above-mentioned countries.
The company did not discuss the type of attack, or the identity of the threat actors behind it. Considering that the company’s systems were functioning normally during the incident, it appears that this was not a ransomware attack.
Nissan would work with the relevant authorities and offer affected people identity theft and credit monitoring and protection through IDCARE, Equifax and Centrix.