Thousands of Nissan North America workers hit in data breach

representational image of a cloud firewall
Image Credit: Pixabay (Image credit: Pixabay)

Sensitive personal data, including Social Security Numbers (SSN), on thousands of Nissan North America (NNA) employees, has been stolen, the company has confirmed.

Nissan is only now reporting on the attack as it only recently concluded its investigation and discovered the data theft.

In early November 2023, a threat actor targeted NNA’s external VPN, and shut down parts of its IT infrastructure. After that, they demanded a ransom payment in exchange for releasing the infrastructure. NNA notified law enforcement, brought in third-party security experts, and quickly expelled the attackers.

Baphomet arrested

At the time, there was no talk of stolen data, but after a more thorough investigation, which concluded on February 28, things changed. NNA "identified certain personal information in the data primarily relating to current and former NNA [Nissan] employees including Social Security numbers."

A data breach notification filed on May 15 with the Office of the Maine Attorney General, NNA said that some 53,000 people were affected by the breach. Besides SSN, exposed data include personal identifiers (names). The company said that the stolen files did not contain any financial or payment details. 

At press time, there was no evidence of the files being misused in any way. 

The company notified affected individuals via a letter which, among other things, includes instructions on how to sign up for a two-year credit and identity theft monitoring services, offered for free via Experian. 

This is not Nissan’s first rodeo. Late last year, Nissan Oceania, which covers the markets of Australia and New Zealand, confirmed suffering a data breach which resulted in the theft of sensitive customer data on more than 100,000 people. Customers included owners of Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM brands, the company noted at the time. 

It was later discovered that the Akira ransomware was used in the attack.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Security
American National Insurance Company breach data found online
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Major breach hits employee screening firm - 3.3 million affected as hackers steal DISA data
Code Skull
Casio confirms data of 8,500 people exposed in recent ransomware attack
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
Major ransomware attack sees Tata Technologies hit - 1.4TB dataset with over 730,000 files allegedly stolen
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring