A possible ransomware attack against Nissan has revealed personal information belonging to around 100,000 people in Australia and New Zealand.
The Japanese vehicle maker has a troubled history with cyberattacks, dating back a long time well over a decade. He has variously suffered a source code leakA theoretical verification exploitation affecting its electric vehicles (EVs), e a data breach affecting more than 1 million customers.
Most recently, on December 5, hackers gained access to IT systems in Nissan’s corporate and financial offices in the Oceania region. The incident was resolved quickly, the company wrote in a statement update March 13thbut not before the perpetrators have exfiltrated significant amounts of sensitive data.
Dealers, certain current and former employees, and customers of vehicles in the Renault-Nissan-Mitsubishi Alliance (which includes these three brands, as well as Infiniti and others) can expect formal notices of compromise in the coming weeks. Up to 10% of them have had at least one government ID stolen (4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 Social Security numbers), and the remaining majority have lost other forms of personal information, such as copies of loan transaction statement documents, employment and salary information, and more general information such as dates of birth.
Was it ransomware?
Nissan did not reveal the nature or perpetrators of its attack. It is noteworthy, however, that at the end of last December the Akira ransomware gang claimed to have stolen 100GB of data from the company’s Oceania division.
Dark Reading has contacted Nissan Oceania for clarification on this point but has not yet received a response.
“What really surprises me about this is that they don’t have encryption technology at rest,” says Darren Williams, CEO and founder of BlackFog. “It’s a common thing these days: You should really have all your personal data encrypted on the drives, so even if bad guys get in, they only get encrypted data that they can’t decrypt.”
In addition to encryption, he suggests, companies can protect themselves from potential extortion attacks with anti-data exfiltration (ADX) tools, “because if you don’t look at the data coming out of your building, you won’t know what’s lost until it’s too late.” . .”
“92% of all attacks actually involve data exfiltration,” Williams points out. “That’s how big the problem is.”