A Russia-linked ransomware gang is threatening to expose 900GB of Japanese auto manufacturing giant Nissan’s internal data.
-
Ransomware gang threatens to leak 900GB of Nissan internal data.
-
Leaked samples allegedly include dealership documents, car dealer information, and internal reports.
-
Previously Nissan has suffered multiple breaches including 21,000 customer records in December 2025 and 53,000 employee records in 2024.
Posted on January 10th on Everest Group’s leak site on the dark web, the gang claims that the supposed Nissan data breach may have netted them 900GB of Nissan’s data.
At the time of publishing, there are still five days left until the data will be leaked online. Such threats are a common tactic used by ransomware gangs to pressure victims into paying a ransom or initiating negotiations.
The gang released data samples, which the Cybernews research team has investigated. The data sample included a screenshot of a document with car dealer names, addresses, and dealership programs.
The threat actors also shared screenshots of folder contents that look like internal company documents, lost and found car key reports, and other documents related to various dealerships partnered with Nissan.
“The impact here is mainly reputational. It is also very likely that these internal documents contain either employee or clientele contact info, which could increase the risk for phishing, but we cannot confirm this 100%,” our research team explained.
“If there is employee PII present, this increases the possibility of legal consequences for the company.”
Nissan Motors, or Nissan, is a major Japanese automobile manufacturer founded in 1933, with its headquarters in Yokohama, Japan. The company's revenue for 2025 is forecasted to reach $75.8 billion.
Nissan has suffered multiple data breaches
Cybernews has reached out to the company for confirmation. If the claims prove to be legitimate, it won’t be the first time Nissan has suffered a data breach.
In December 2025, hackers exfiltrated personal information of approximately 21,000 Nissan customers by accessing Red Hat, Nissan’s customer management system for sales providers.
In 2024, the Akira ransomware gang claimed to have breached Nissan, affecting 100,000 individuals in Australia and New Zealand. The attackers penetrated the company’s local IT servers.
In the same year, a cyberattack was launched against Nissan’s North American subsidiary, revealing sensitive data for over 53,000 employees, as well as business information.
Everest Group attacks have devastated multiple industries
Believed to be related to Russia, the Everest gang first emerged on the scene in July 2021. According to Cybernews' in-house surveillance tool, Ransomlooker, the gang has listed 330 victims since 2023, with many well-known names on its victim list.
One of the group’s latest targets was ASUS. At the beginning of December, it claimed that it had stolen 1TB of the company’s data, including “camera source data.”
In November, the gang targeted the Italian gas giant SIAD Group. The company confirmed the breach, stating that it did not affect “continuity of operations.”
It also listed Brazil’s oil giant Petrobras. The attackers claimed to have exfiltrated seismic and exploration data from the company’s newly explored oil location.
The most disruptive attacks conducted by the gang last year affected the aviation sector. It listed Air Miles España, a company operating Spain’s leading loyalty program, Travel Club.
The attackers claimed to have exfiltrated 131GB of data, including millions of customer records such as names, emails, account IDs, demographics, activity data, and marketing information.
Everest is also behind an attack on the Spanish airline Iberia. Apart from stealing customer data, the gang claimed it had gained “long-term, unfettered access” to all bookings, with the ability to view and edit them.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked