Nissan Oceania has issued a warning about a data breach affecting 100,000 individuals after falling victim to a cyberattack in December 2023 attributed to the Akira ransomware operation. Initially, the Japanese automaker’s regional division in Australia and New Zealand launched an investigation into a cyberattack on its systems, though a data breach was not confirmed at the time. However, two weeks later, the Akira ransomware group claimed responsibility for the attack, asserting that they had stolen 100GB of data, including personal employee information, NDAs, project data, and details on partners and clients.
Subsequent updates from Nissan confirm some of Akira’s claims, revealing that data belonging to both current and former employees, as well as customers of various dealerships in the region, had been compromised. The stolen information includes government identification such as Medicare cards, driver’s licenses, passports, and tax file numbers, affecting up to 10% of the impacted individuals. Additionally, the breach exposed other personal details such as loan-related documents, employment details, and dates of birth for the remaining 90% of affected individuals.
In response to the breach, Nissan pledges to notify impacted customers individually to provide precise details on the exposed information and offer support services. Furthermore, the company takes proactive measures to assist affected individuals, including providing access to IDCARE, free credit monitoring services through Equifax and Centrix, and reimbursement for the replacement of compromised government IDs. Despite these efforts, the situation is compounded by Akira’s leaking of the stolen data on the dark web, emphasizing the critical need for affected individuals to remain vigilant against potential scams and fraudulent activities.
