The cyberattack on Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand, which occurred in December 2023, resulted in the theft of confidential data belonging to approximately 100,000 people, the company confirmed.
In an update posted on its website, Nissan said it had begun notifying affected people, with data stolen from customers, current and former employees, as well as some dealers.
Customers include owners of the Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM brands, the company said.
There is no news about the attackers.
Not all people have had the same type of information stolen. At the moment, Nissan believes that approximately 10% of the victims had “some type of government identification” compromised. That includes 4,000 Medicare cards, 7,500 driver's licenses, 220 passports and 1,300 tax file numbers.
For the remaining 90%, other personal information was obtained, including copies of loan-related transaction statements for loan accounts, employment or salary information, or general information such as dates of birth.
“We know this will be difficult news for people to receive and we sincerely apologize to our community for any concern or distress it may cause,” Nissan said.
In early December last year, the Japanese auto manufacturing giant said it was investigating a possible data breach and warned customers to be wary of possible fraudulent emails and messages delivering malware. In a brief notice posted on Nissan Oceania's websites at the time, it said Australia and New Zealand Financial Services and Corporation suffered a “cyber incident”.
This division is responsible for distribution, marketing, sales and services in the aforementioned countries.
The company did not discuss the type of attack or the identity of the threat actors behind it. Since the company's systems operated normally throughout the incident, it would appear that this was not a ransomware attack.
Nissan is said to be working with relevant authorities and will offer affected individuals credit and identity theft monitoring and protection through IDCARE, Equifax and Centrix.