Nissan: About 100,000 people in Australia, New Zealand affected by recent cyberattack

Japanese automaker Nissan said that the personal information of about 100,000 individuals in Australia and New Zealand was exposed during a cyberattack that the company reported in December.

Nissan published new details of the investigation into the incident on Wednesday, stating that it has begun notifying the victims, which include customers, dealers and some current and former employees.

The total number of people might reduce “as contact details are validated and duplicated names are removed from the list,” the company said.

During the attack, the unknown threat actor gained unauthorized access to Nissan's local IT servers. Since that time, Nissan said it has been working with government authorities in Australia and New Zealand, as well as external cyber experts to review the compromised data and understand the impact on affected individuals.

The type of compromised information will vary for each person, Nissan said. According to current estimates, up to 10% of individuals have had some form of government identification compromised. This includes approximately 4,000 Australian Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.

The remaining 90% of victims have had some other form of personal information impacted, including copies of loan-related transaction statements for loan accounts, employment or salary information, or general information such as dates of birth.

For those affected by the breach, Nissan will offer free credit monitoring and reimbursement where the replacement of government ID is recommended by the relevant issuing authority.

“We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause,” Nissan said.

In January 2023, Nissan warned thousands of its customers of its finance division about the potential leak of personal information through a third-party vendor.

Data from car companies and car insurance providers is typically in high demand among cybercriminals, with multiple threat actors and groups leaking stolen data on the dark web.

Earlier in November, another Japanese carmaker, Toyota, also suffered a cyberattack that targeted its European and African financial services department.

In September, nearly 15,000 accounts were raided at several large automakers' websites to harvest important information about thousands of individual vehicles.