Nissan Oceania to reach 100,000 affected individuals in data breach

Nissan Oceania is set to notify approximately 100,000 individuals in Australia and New Zealand regarding a data breach that occurred in December 2023, potentially orchestrated by the Akira ransomware group.

The cyberattack resulted in the theft of various forms of government identification from up to ten percent of the victims. The compromised data included 4,000 Medicare cards, 7,500 driving licenses, 220 passports, and 1,300 tax file numbers. Additionally, the personal information of the remaining 90 percent of individuals was also pilfered, including details such as loan-related transaction statements, employment information, and possibly dates of birth.

Notably, some affected individuals were customers of finance services provided by Nissan for rival automakers Mitsubishi, Renault, Infiniti, LDV, and RAM.

In response to the breach, Nissan expressed regret for any distress caused and pledged to inform affected individuals promptly about the compromised information, the support available to them, and steps they can take to mitigate risks such as identity theft or fraud.

Affected individuals in Australia will receive 12 months of free credit monitoring from Equifax, while those in New Zealand will have access to a similar service from Centrix. Additionally, both territories will have access to IDCARE’s services for safeguarding against data misuse, with reimbursement available for individuals needing to replace their ID documents.

Although Nissan did not confirm whether ransomware was involved in the attack, the Akira group claimed the intrusion, which has made data purportedly belonging to Nissan Oceania available for download on its website. Despite this, Nissan appears to have refused any ransom demands.

Akira, active since March 2023, has targeted numerous major organizations, including Lush and Stanford University, raising concerns about the growing threat of cyberattacks on global entities.