Nissan’s Creative Box design studio targeted in alleged 4TB data breach by Qilin ransomware gang

Nissan’s Creative Box design studio in Tokyo has appeared on the victim blog of the Qilin ransomware gang, which claims to have stolen more than 4 terabytes of proprietary data from the subsidiary.

The hackers alleged on Thursday that they exfiltrated 405,882 files totaling 4,037 gigabytes from Nissan Creative Box, also known as Nissan CBI. The stolen data reportedly includes 3D design files, reports, photos, videos and other internal documents related to Nissan automobiles.

“While we have no intention of releasing all of this data yet, if Nissan refuses to acknowledge or ignore, it will,” the group warned on its leak site. “At that point, everyone, including competitors, will have access to detailed data of all Nissan CBI projects.”

Founded in 1987 by designer Shozo Sato, Nissan Creative Box is regarded as the automaker’s design think tank. Based in the Harajuku district of Tokyo, the studio is a wholly owned subsidiary that has worked on concept cars such as the Nissan Nuvu and is listed by Nissan as one of its major affiliates in Japan.

So far, the hackers have released only a small sample of the alleged cache. According to researchers, the shared material includes four images: 3D pre-release design models, an internal Excel file and two internal photos.

The breach marks the latest in a string of cyber incidents targeting Nissan in recent years. In May 2024, the company disclosed that its North American subsidiary had been hacked, exposing the personal information of more than 53,000 employees. Two months earlier, the Russian-linked Akira ransomware group claimed to have infiltrated Nissan’s Australian and New Zealand operations, affecting about 100,000 customers and dealers and compromising thousands of personal documents, including passports, driver’s licenses and Medicare cards.

Nissan has also previously reported data leaks through third-party software providers, including a 2022 breach that exposed customer information.

The Qilin gang, also known as Agenda, operates under a ransomware-as-a-service model and uses double extortion tactics, threatening both encryption and data exposure. Active since at least 2021, the group has increasingly targeted hospitals and manufacturing companies. According to cyber monitoring data, Qilin has listed 483 victims in the past 12 months, including 401 since January 2025, making it one of the most active ransomware groups currently operating.

Earlier this month, Qilin claimed responsibility for an August 8 attack on U.S. pharmaceutical company Inotiv, allegedly stealing 176 gigabytes of internal files. Other high-profile victims have included South Korea’s SK Group, U.S. newspaper chain Lee Enterprises, Detroit’s PBS station, the Houston Symphony and several global auto parts suppliers.

Nissan has not publicly commented on the latest claims against its Creative Box subsidiary.