Nissan North America reports ransomware attack exposing 53k people

Nissan North America (NNA) is reporting a data breach that has exposed personla information of current and former employees.

The incident occurred on November 7th, 2023, when a threat actor targeted the company's external VPN and demanded a ransom after shutting down certain systems. Although the systems were not encrypted, the attacker accessed files on local and network shares containing personal and business information.

By February 28, 2024, Nissan's investigation revealed that personal information, including names and Social Security numbers of over 53,000 current and former employees, had been compromised. Nissan claims that financial details were not accessed during the breach. Nissan has stated there is no evidence that the exposed data has been misused.

Nissan has notified the affected individuals and is offering them free 24-month credit monitoring and identity theft protection service offered by Experian.

This incident ocurred almost in parallel to the Nissan Oceania breach that exposed both internal and customer information. So far there is no identified relation to the two incidents.