Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Nissan Oceania data breach impacted roughly 100,000 people

The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals. Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident. Nissan immediately notified the Australian Cyber Security Centre and the New […]

Nissan Oceania

The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals.

Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident. Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.

Nissan Oceania refers to the regional operations of the Nissan Motor Company in the Oceania region, which includes Australia and New Zealand.

Nissan, a Japanese multinational automaker, operates globally, and its regional divisions manage business activities in specific geographic areas.

“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.” reads the statement published by the company on its website.

The company did not share details about the attack or its scope, but a few weeks later the Akira ransomware group claimed to have stolen 100 GB of information from the company. Stolen data included corporate files and personal information

Nissan refused to pay the ransom and the cybercrime group published the alleged stolen files.

This week, Nissan Oceania announced that it started notifying the impacted individuals. 

The company added that the data breach impacted some Nissan customers, dealers, and current and former employees. The data breach also impacted the customers of Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses.

“Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks. This number might reduce as contact details are validated and duplicated names are removed from the list.” reads the update published by the company. The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers. The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.”

The company is offering free identity theft and credit monitoring services to the impacted individuals, it is also reimbursing those who need to replace their government ID due to the incident. 

In January 2021, a misconfigured Git server caused the leak of the source code of mobile apps and internal software used by Nissan North America. The software engineer Tillie Kottmann was informed by an anonymous source that the Git server was exposed online and accessible to anyone using the default login credentials admin/admin.

In December 2017, Nissan Finance Canada was hacked, personal information of 1.13 million customers may have been exposed as a result of a data breach discovered by the company on December 11 (The biz took 10 days to disclose the incident).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Nissan Oceania)