CP
cyberpings
BreachesHIGH

Nissan Data Breach - Third-Party Vendor Compromised, Everest Ransomware Group Claims Responsibility

Featured image for Nissan Data Breach - Third-Party Vendor Compromised, Everest Ransomware Group Claims Responsibility
TRThe Record
📰 2 sources·Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Updated:
🎯

Nissan's data was stolen from a company that helps them, not directly from Nissan itself. A group called Everest says they took a lot of information and might share it soon. Nissan is checking to make sure their own systems are safe.

Quick Summary

Nissan confirms a data breach linked to a third-party vendor, with the Everest ransomware group claiming to have stolen 910 GB of sensitive data. The automaker insists its systems remain secure.

What Happened

Nissan has confirmed that a cyberattack against a third-party vendor has resulted in the compromise of sensitive data. The Everest ransomware group has claimed responsibility for the breach, asserting that it stole 910 gigabytes of data from the vendor's file transfer system used by Nissan and Infiniti dealerships across North America. The attack reportedly took place in January, and the group has threatened to release the stolen data imminently.

Who's Affected

The breach could potentially impact customers, dealerships, and loan information associated with Nissan and Infiniti. While Nissan has stated that its own systems were not compromised, the implications for affected third-party vendors and their clients remain significant.

What Data Was Exposed

The Everest group claims that the stolen data includes sensitive information related to customers, dealerships, and financial transactions involving car loans. This incident follows a troubling trend for Nissan, which has faced multiple security incidents in recent years, including a breach in 2024 that exposed data from nearly 100,000 customers and employees in Australia and New Zealand.

What You Should Do

Nissan has urged customers to remain vigilant and monitor their accounts for any suspicious activity. The company is working closely with the affected vendor to investigate the breach and mitigate any potential risks. Customers are advised to change passwords and enable two-factor authentication where possible.

Investigation Status

The investigation into the incident is ongoing, and Nissan has reiterated that it has found no evidence that its systems were compromised or that customer information was accessed or put at risk. The automaker is collaborating with the vendor as it completes its investigation into the breach.

Historical Context

This latest incident adds to a series of cyberattacks against Nissan, highlighting vulnerabilities in supply chain security. The company has reported previous breaches in 2022 and 2023, affecting thousands of individuals, raising concerns about the security protocols in place for third-party vendors.

The incident underscores the importance of robust supply chain security measures, as breaches at third-party vendors can have far-reaching consequences for major corporations like Nissan.

Original article from

TRThe Record
Read Full Article

Also covered by

SCSC Media

Third-party hack affirmed by Nissan after Everest ransomware assertions

Read Article

Share

Related Pings

HIGHBreaches

Syria’s Security Failures Exposed by Government Account Hack

A recent hack exposed Syrian government accounts, revealing significant cybersecurity weaknesses. This incident raises concerns about the state’s digital security practices and its ability to communicate effectively. Experts warn that without urgent reforms, Syria's digital infrastructure remains at risk.

Wired Security·
LOWBreaches

T-Mobile - Clarifies Details on Recent Data Breach Incident

T-Mobile recently clarified a data breach involving an insider incident, impacting just one customer. Personal financial data remained secure, and the company has taken necessary precautions.

SecurityWeek·
HIGHBreaches

CBP Facility Codes Exposed in Quizlet Flashcards Leak

A Quizlet flashcard set has leaked sensitive information about US Customs and Border Protection facilities, raising serious security concerns.

Wired Security·
HIGHBreaches

Iran Handala Group Breaches Israeli Defence Contractor PSK Wind

Iranian hackers have breached PSK Wind Technologies, an Israeli defense contractor. Sensitive military data has been stolen, posing serious risks to national security. Organizations must strengthen their defenses against such cyber threats.

Security Affairs·
HIGHBreaches

Adobe Breach - Threat Actor Claims Leak of 13 Million Records

A hacker claims to have breached Adobe, leaking sensitive data including 13 million support tickets and employee records. This incident highlights serious third-party security risks.

Cyber Security News·
HIGHBreaches

Americans' Passports Stolen - Hacktivist Attack on Dubai Airport

A hacktivist group has reportedly stolen American passports from Dubai Airport. This breach raises serious concerns about identity theft and fraud risks. Travelers should monitor their information closely.

SC Media·