Nissan reveals ransomware attack exposed Social Security numbers of 53,000 workers

Nissan North America revealed that extortionists last year broke into its external VPN and compromised systems, demanding ransom and stealing the Social Security numbers of more than 53,000 employees.

The security breach occurred on November 7, 2023. This was conveyed to workers at a Nissan town hall meeting held on December 5, 2023.

Unfortunately, Nissan now finds itself in the awkward position of having to warn workers about sensitive personal messages used to be Hackers obtained the names and Social Security numbers of more than 53,000 current and former employees.

The auto company warned employees in a breach notification letter that the breach could lead to fraud or identity theft, but it has seen no evidence so far that this has occurred.

The data Nissan has confirmed accessed does not include financial information related to individual workers. The company has offered affected employees free 24-month credit monitoring and identity theft protection through Experian.

This is not the first time Nissan has been targeted by hackers.

For example, in December 2023, Nissan Australia and New Zealand was attacked by the Akira ransomware gang, which leaked the details of 100,000 of the company’s customers, dealers, and current and former employees.

Nissan estimates that about 10% of affected individuals had some form of government identifying information compromised, including tax identification numbers, driver’s licenses and passports.

Last January, Nissan North America discovered that “grossly mismanaged” servers had leaked proprietary source code for its mobile apps and marketing tools. It was later discovered that the server was “protected” by the username/password combination admin:admin.

During the same month, 17,998 Nissan North American customers were affected by a breach by a third-party service provider.

Back in 2016, Nissan found itself under the influence of a decentralized denial of service (DDoS) attack linked to Anonymous protests over the killing of dolphins in Japan, shutting down its global websites.