Key points:

• Nissan Oceania suffered a cyberattack by the Akira ransomware operation in December 2023.
• Initially, Nissan investigated the attack without confirming a data breach.
• The Akira gang claimed responsibility for the attack, stating they stole 100GB of data, including personal employee information, NDAs, project data, and information on partners and clients.
• Nissan later confirmed the breach, acknowledging the exposure of data belonging to customers and employees of various dealerships.
• The compromised data included government identification such as Medicare cards, driver's licences, passports, and tax file numbers for some individuals.
• Nissan promised to notify affected customers individually and provide support, including access to IDCARE and free credit monitoring services.
• The stolen data was already leaked by Akira on the dark web, heightening concerns for potential misuse.

Takeaways to avoid such issues:

• 
  Regularly update cybersecurity protocols and invest in robust security measures.
• Conduct thorough security assessments and implement effective data encryption techniques.
• Educate employees and customers about cybersecurity best practices, including password management and recognizing phishing attempts.
• Establish response plans for cyber incidents to minimise damage and ensure timely communication with affected parties.
• Collaborate with cybersecurity experts and law enforcement agencies to address cyber threats effectively.

Source and further reading.

Toulas, B. (2024b, March 14). Nissan confirms ransomware attack exposed data of 100,000 people. BleepingComputer. https://www.bleepingcomputer.com/news/security/nissan-confirms-ransomware-attack-exposed-data-of-100-000-people/?utm_source=dlvr.it&utm_medium=linkedin

Labus, H. (2024, March 18). Nissan breach exposed data of 100,000 individuals - Help Net Security. Help Net Security. https://www.helpnetsecurity.com/2024/03/18/nissan-data-breach/