In a recent cyber attack on Nissan Oceania’s systems, around 100,000 individuals in Australia and New Zealand have fallen victim to data theft, possibly orchestrated by the notorious Akira ransomware gang. The breach, which occurred in December 2023, has left a significant portion of the affected population vulnerable to identity theft and fraudulent activities.
What Data Has Been Compromised in the Nissan Oceania Attack?
Among the stolen data are crucial government identification documents, with up to ten percent of victims having their information compromised. Shockingly, the stolen data includes details from 4,000 Medicare cards, 7,500 driving licenses, 220 passports, and 1,300 tax file numbers, amplifying concerns over the misuse of such sensitive information.
The remaining 90 percent of individuals had various other personal information stolen, ranging from loan-related transaction statements to employment details and salary information. It is noteworthy that the stolen data potentially exposes personally identifiable information such as dates of birth.
Furthermore, the breach has impacted not only Nissan customers but also clients of finance services offered by Nissan and branded for rival automakers including Mitsubishi, Renault, Infiniti, LDV, and RAM, broadening the scope of those affected.
In response to the breach, Nissan Oceania has issued a statement expressing deep regret and apologizing for any distress caused to the community. The company is taking steps to inform affected individuals about the extent of the breach, the support available to them, and measures they can take to protect themselves against identity theft, scams, or fraud.
Affected individuals in Australia will receive 12 months of free credit monitoring from Equifax, while those in New Zealand will have access to a similar service provided by Centrix. In addition, individuals in both territories can avail themselves of IDCARE’s services to safeguard against the misuse of stolen data, with Nissan Oceania covering the costs of replacing any compromised identification documents.
Attack Possibly Linked to Akira Ransomware
Although Nissan Oceania has not explicitly confirmed ransomware involvement, the attack is believed to be linked to the Akira group, known for its ransomware operations. Despite claims of a data breach by Akira, Nissan Oceania has not succumbed to ransom demands, as evidenced by data supposedly belonging to the company available for download on Akira’s website.
Akira’s track record includes attacks on several major organizations, including cosmetics giant Lush and Stanford University.