Nissan North America informed the Maine Attorney General this week that a ransomware attack launched last year resulted in the compromise of employee personal information.
According to the company, it learned in early November 2023 that a threat actor had gained access to its systems through an external VPN. The attacker did not encrypt data or disrupt any systems, but it did steal files from local and network shares and demanded a ransom.
An initial investigation showed that the files potentially accessed by the hackers only contained business information. However, in late February 2024, Nissan determined that the compromised files did include personal information, mainly related to current and former employees, including names and Social Security numbers.
The company says it’s not aware of any instances of fraud or identity theft resulting from the incident, but it has decided to provide free protection services to impacted employees.
The carmaker told the Maine Attorney General’s Office that just over 53,000 individuals are impacted by the data breach.
Nissan North America previously disclosed a data breach in January 2023, when it informed roughly 25,000 customers that their personal information had been exposed in an incident at a third-party services provider.
At around the time of the latest cyberattack targeting Nissan North America, Nissan Oceania was also hit by ransomware. The Akira ransomware group took credit for that attack, claiming to have stolen 100 Gb of information.
The incident, which impacted Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand, was initially said to affect roughly 100,000 individuals.
No ransomware group appears to have taken credit for the newly disclosed Nissan North America attack and it’s unclear if the two incidents are related.
Commenting on the incident, Venky Raju, field CTO at ColorTokens, noted that there is a growing trend of these types of ‘smash and grab’ attacks, “where hackers are getting in, grabbing whatever they can find, and getting out”.
“The data is sifted and then sold on the dark web or it is being used by the same actors as part of their reconnaissance,” Raju explained.
“Smash and grab attacks rely on speed and ease of lateral movement within the network, as the adversary wants to find useful data quickly to avoid detection. Implementing microsegmentation prevents, or will significantly slow down, the ability of the adversary to achieve their objectives, providing the security team with valuable time to detect and respond,” the expert added.

