The Nissan Motor Corporation and Nissan Financial Services (“Nissan Oceania”) have reported a cybersecurity breach where unauthorised access was gained to their servers by a third party.
What happened
On 5 December 2023, a malicious third party obtained unauthorised access to Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand local IT servers.
What was accessed?
The list of affected individuals includes some of Nissan’s customers (including customers of Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses), dealers, and some employees.
The type of information involved will be different for each person. It’s estimated that approximately 10% of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licenses, 220 passports and 1,300 tax file numbers.
Approximately 90% of individuals have had some other form of personal information impacted, including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.
What the organisation is doing
Nissan has been working with government authorities including the Australian and New Zealand national cyber security centres, privacy regulators and external cyber forensic experts to review the compromised data and understand the impact on individuals.
Nissan expects to formally notify approximately 100,000 individuals about the cyber breach. This number might reduce as contact details are validated and duplicated names are removed from the list.
What an affected individual can do
Be alert for scams.
