Security

Cyber-crime

Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

Akira ransomware crooks brag of swiping thousands of ID documents during break-in


Over the next few weeks, Nissan Oceania will make contact with around 100,000 people in Australia and New Zealand whose data was pilfered in a December 2023 attack on its systems – perhaps by the Akira ransomware gang.

The cyberbaddies stole some form of government identification from up to ten percent of victims. Among the data stolen from the automotive manufacturer was info on 4,000 Medicare cards - Australia's national health insurance scheme - plus 7,500 driving licenses, 220 passports, and 1,300 tax file numbers.

The remaining 90 percent of folks had other info stolen - perhaps copies of loan-related transaction statements, employment details, or salary information. The heist may also include personally identifiable information (PII) such as dates of birth.

Some of those affected by the breach were customers of finance services that Nissan operated and branded for rival automakers Mitsubishi, Renault, Infiniti, LDV, and RAM.

"We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause," Nissan said in a statement posted to its website.

"We are committed to contacting affected individuals as soon as possible to tell them what information was involved, how we are supporting them, and the steps they can take to protect themselves against the risk of harm, identity theft, scams, or fraud."

In Australia, affected individuals are being offered 12 months of free credit monitoring from Equifax, and in New Zealand, a similar service is being made available through Centrix.

Individuals in both territories will also have access to IDCARE's services for protecting against the misuse of stolen data, and those who need ID documents replaced can claim the cost back with Nissan Oceania.

Ransomware at play?

The company didn't say at the time whether ransomware was involved, and still hasn't mentioned it today, but the original intrusion was claimed by the Akira group.

Data supposedly belonging to Nissan Oceania is available to download via Akira's website, suggesting that if ransomware was involved the automaker refused to pay.

Akira claims to have stolen 100 GB worth of data, including personal data. "They seem to not be very interested in the data, so you can find their stuff here," Akira's website reads.

"You will find docs with personal information of their employees in the archives and much other interested stuff like NDAs, projects, information about clients and partners etc."

Akira has been responsible for attacks on many other major organizations since spinning up in March 2023, including cosmetics giant Lush and Stanford University, which just this week admitted to a data leak of 27,000 people's information.

El Reg sent a request for comment to Nissan Oceania to seek comment on the possibility ransomware caused this incident, but it did not immediately respond. ®

Send us news
7 Comments

RansomHub claims to net data hat-trick against Bologna FC

Crooks say they have stolen sensitive files on managers and players

Interpol nabs thousands, seizes millions in global cybercrime-busting op

Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more

Fully patched Cleo products under renewed 'zero-day-ish' mass attack

Thousands of servers targeted while customers wait for patches

Ransom gang claims attack on NHS Alder Hey Children's Hospital

Second alleged intrusion on English NHS org systems this week

How Chinese insiders are stealing data scooped up by President Xi's national surveillance system

'It's a double-edged sword,' security researchers tell The Reg

Man accused of hilariously bad opsec as alleged cybercrime spree detailed

Complaint claims he trespassed, gave himself discounts, and sorted CCTV access…

Heart surgery device maker's security bypassed, data encrypted and stolen

Sounds like th-aorta get this sorted quickly

Major energy contractor reports 'limited' access to IT after ransomware locks files

ENGlobal customers include the Pentagon as well as major oil and gas producers

Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

National cyber emergencies increased threefold this year

Blue Yonder ransomware termites claim credit

Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren't; Polish spy boss arrested, and more

America's drinking water systems have a hard-to-swallow cybersecurity problem

More than 100M rely on gear rife with vulnerabilities, says EPA OIG

US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware