Nissan Australia today released a statement that they have started contacting around 100000 customers who may have had their personally identifiable information (PII) compromised three months ago when they were hit by a cyberattack:
We now know the list of affected individuals includes some of Nissan’s customers (including customers of our Mitsubishi, Renault, Skyline, Infiniti, LDV and RAMS branded finance businesses), dealers, and some current and former employees.
Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks. This number might reduce as contact details are validated and duplicated names are removed from the list.
The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.
The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.
We know this will be difficult news for people to receive, and we sincerely apologise to our community for any concerns or distress it may cause.
Darren Williams, CEO and Founder of Blackfog had this to say:
“The fact that around 10,000 were believed to have had seriously critical PII data stolen, such as driving licenses and Medicare cards, as a result of the Nissan cyberattack, is really quite concerning. The perpetrators of this attack managed to steal confidential data and will surely try to blackmail the victims endlessly for extortion purposes.
They were able to evade the security tools at the front door and remain hidden in the system of a multinational global brand for months, highlighting the sophistication of today’s cybercriminals. To really reduce the chance of data breaches, organizations need to look beyond perimeter defense and focus on securing the back door with anti data exfiltration solutions.”
This sort of PII is like gold to a threat actor as it can be used by the threat actor to launch secondary attacks or simply sold to the highest bidder to do the same thing. This is bad and hopefully Nissan does better on this front as this situation is not acceptable.
Related
This entry was posted on March 13, 2024 at 10:58 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Nissan Australia Notifies 100000 Customers That Their PII Was Swiped In A Hack From Three Months Ago
Nissan Australia today released a statement that they have started contacting around 100000 customers who may have had their personally identifiable information (PII) compromised three months ago when they were hit by a cyberattack:
We now know the list of affected individuals includes some of Nissan’s customers (including customers of our Mitsubishi, Renault, Skyline, Infiniti, LDV and RAMS branded finance businesses), dealers, and some current and former employees.
Nissan expects to formally notify approximately 100,000 individuals about the cyber breach over the coming weeks. This number might reduce as contact details are validated and duplicated names are removed from the list.
The type of information involved will be different for each person. Current estimates are that up to 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.
The remaining 90% of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.
We know this will be difficult news for people to receive, and we sincerely apologise to our community for any concerns or distress it may cause.
Darren Williams, CEO and Founder of Blackfog had this to say:
“The fact that around 10,000 were believed to have had seriously critical PII data stolen, such as driving licenses and Medicare cards, as a result of the Nissan cyberattack, is really quite concerning. The perpetrators of this attack managed to steal confidential data and will surely try to blackmail the victims endlessly for extortion purposes.
They were able to evade the security tools at the front door and remain hidden in the system of a multinational global brand for months, highlighting the sophistication of today’s cybercriminals. To really reduce the chance of data breaches, organizations need to look beyond perimeter defense and focus on securing the back door with anti data exfiltration solutions.”
This sort of PII is like gold to a threat actor as it can be used by the threat actor to launch secondary attacks or simply sold to the highest bidder to do the same thing. This is bad and hopefully Nissan does better on this front as this situation is not acceptable.
Share this:
Like this:
Related
This entry was posted on March 13, 2024 at 10:58 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.