Akira’s breach of Nissan impacts 100K people


Japanese auto giant Nissan said the attack on the company’s Australian and New Zealand businesses has affected thousands of customers, dealers, and current and former employees.

Nissan said the company has started contacting people impacted by the December 2023 breach claimed by the Akira ransomware cartel. The attackers penetrated the company’s local IT servers and siphoned sensitive data.

The automaker says its investigation into the attack revealed that affected individuals include Nissan customers, customers of the company’s Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM branded finance businesses, dealers, and employees.

ADVERTISEMENT

“Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks. This number might reduce as contact details are validated and duplicated names are removed from the list,” the company’s statement reads.

Nissan claims that not everyone was impacted equally, with estimates showing that 10%, or approx. 10,000 affected individuals had their government-issued IDs exposed. Additionally, attackers obtained 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports, and 1,300 tax file numbers.

Meanwhile, 90% of the people that Nissan will contact have had other personal details exposed, such as “copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.”

The attack impacted Nissan Oceania, a regional division of the Japanese automaker, covering various company activities, including marketing, sales, distribution, and services in Australia and New Zealand.

Exposing personal identifiable information (PII) poses significant risks to affected individuals, as impersonators can use the stolen data with names and driver’s license numbers for identity theft.

Nissan said it will provide impacted individuals with credit card monitoring and identity protection services to alleviate the damage. The company has also offered to reimburse the replacement of government IDs.

The perpetrators of the attack

Akira ransomware cartel claimed the attack in late December 2023, posting Nissan on its dark web blog, which used to showcase its latest victims. The gang said that it stole 100GB of the company’s data.

ADVERTISEMENT

“They seem not to be very interested in the data, so you can find their stuff here. [...] By the way, there is a notice on their website regarding investigation about possible personal information leakage, so we confirm that with the data uploading,“ the attackers said.

The message strongly indicates that Nissan refused to pay whatever ransom Akira demanded from the company.

Akira, a ransomware group discovered in March 2023, takes its name from a Japanese cyberpunk manga. According to Ransomlooker, a Cybernews tool for ransomware monitoring, Akira victimized 245 organizations over 2023.

The group follows a consistent modus operandi, demanding ransom payments ranging from $200,000 to $4 million. If these demands are not met, they resort to publishing compromised data online.