Massive Nissan Data Breach Affects Thousands

Massive Nissan Data Breach Affects Thousands

(DailyDig.com) – Nissan, a Japanese automaker, announced on May 15 that they had been victims of ransomware in November last year. The cyberattack targeted Nissan’s external VPN, which shut down their systems in order to deliver a ransom.

The attackers demanded a ransom for the data they accessed, which included the personal information of over 53,000 employees, both former and current. The data retrieved included the employees’ Social Security numbers. Nissan North America, its US subsidiary, dispatched letters to the affected employees on May 15. The letter explained the ransomware attack and the demand for payment. They did not indicate whether they had paid the money.

The letter also included the procedure that Nissan followed after the attack: they contacted law enforcement immediately and began working with them during their investigation to contain and eliminate the threat of employees’ data exposure. Nissan collaborated with other cybersecurity officials who possessed extensive experience in handling security threats.

A month after the attack, Nissan informed their employees of the data breach and what they had been doing by working with law enforcement and other professionals. Nissan informed their employees that they would receive personal notifications if the attack accessed their data. Nissan subsequently clarified that they will offer free identity theft services for a two-year period to safeguard against any potential damage from the attack.

Nissan North America, the US division of Nissan, also contacted officials from each state regarding the attack. According to Nissan, the investigation revealed that the breach did not expose the financial data of any affected employees. The letter from the automaker stated that the investigation appears to show that employee financial data was not the true target of the attackers.

Erich Kron, an advocate for cybersecurity awareness, released a statement that explained that the attack on Nissan occurred by using the VPN to avoid knowledge of their breach into the carmakers’ security controls. He said Nissan’s quick response to the attack was the correct action.

Copyright 2024, DailyDig.com