Current:Home > MarketsNissan data breach exposed Social Security numbers of thousands of employees-InfoLens
Nissan data breach exposed Social Security numbers of thousands of employees
View Date:2024-12-23 11:34:28
Nissan suffered a data breach last November in a ransomware attack that exposed the Social Security numbers of thousands of former and current employees, the Japanese automaker said Wednesday.
Nissan's U.S.-based subsidiary, Nissan North America, detailed the cyberattack in a May 15 letter to affected individuals. In the letter, Nissan North America said a bad actor attacked a company virtual private network and demanded payment. Nissan did not indicate whether it paid the ransom.
"[U]pon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain and successfully terminate the threat," the car maker said in the letter, adding that "Nissan worked very closely with external cybersecurity professionals experienced in handling these types of complex security incidents."
Nissan told employees about the incident during a town hall meeting in December 2023, a month after the attack. The company also told staffers that it was launching an investigation and would notify employees privately if their personal information had been compromised. Nissan said it's providing free identity theft protection services to impacted individuals for two years.
Nissan North America also notified state officials across the U.S. of the attack, noting that data belonging to more than 53,000 current and former workers was compromised. But the company said its investigation found that affected individuals did not have their financial information exposed.
Nissan North America "has no indication that any information has been misused or was the attack's intended target," the automaker said in its letter.
Ransomware attacks, in which cybercriminals disable a target's computer systems or steal data and then demand payment to restore service, have become increasingly common. One cybersecurity expert said someone likely got a password or multi-factor authentication code from an existing Nissan employee, enabling the hacker to enter through the company's VPN.
"It is unfortunate that the breach ended up involving personal information, however Nissan has done the right thing by continuing to investigate the incident and reporting the update," Erich Kron, a cybersecurity awareness advocate at KnowBe4, told CBS MoneyWatch in an emailed statement. "In this case, targeting the VPN will often help bad actors avoid detection and bypass many of the organizational security controls that are in place."
- In:
- Nissan
- Data Breach
- Cyberattack
- Ransomware
Khristopher J. Brooks is a reporter for CBS MoneyWatch. He previously worked as a reporter for the Omaha World-Herald, Newsday and the Florida Times-Union. His reporting primarily focuses on the U.S. housing market, the business of sports and bankruptcy.
TwitterveryGood! (2819)
Related
- What does the top five look like and other questions facing the College Football Playoff committee
- 5 current, former high school employees charged for not reporting sexual assault
- Idaho College Murders: Bryan Kohberger's Defense Team to Reveal Potential Alibi
- Dolphins' Tyreek Hill: 'I just can’t make bonehead mistakes' like Miami marina incident
- 'Joker 2' actor pans DC sequel as the 'worst film' ever: 'It has no plot'
- North Korean leader Kim Jong Un meets with Russian defense minister on military cooperation
- 'Top of the charts': Why Giants rookie catcher Patrick Bailey is drawing Pudge comparisons
- MBA 3: Accounting and the Last Supper
- Off the Grid: Sally breaks down USA TODAY's daily crossword puzzle, Mixed Use
- When does 'Hard Knocks' start? 2023 premiere date, team, what to know before first episode
Ranking
- Auburn surges, while Kansas remains No. 1 in the USA TODAY Sports men's basketball poll
- Video shows Colorado trooper jump off bridge to avoid being struck by speeding vehicle
- Mark Lowery, Arkansas treasurer and former legislator who sponsored voter ID law, has died at age 66
- Good as NFL's star running backs are, they haven't been worth the money lately
- Ariana Grande's Brunette Hair Transformation Is a Callback to Her Roots
- Body found on grounds of Arizona State Capitol
- Texas Congressman Greg Casar holds hunger and thirst strike to call for federal workplace heat standard
- Germantown, Tennessee, water restrictions drag on as supply contamination continues
Recommendation
-
Solawave Black Friday Sale: Don't Miss Buy 1, Get 1 Free on Age-Defying Red Light Devices
-
MBA 3: Accounting and the Last Supper
-
Pink Summer Carnival setlist is a festival of hits. Here are the songs fans can expect.
-
Ohio officer fired after letting his police dog attack a surrendering truck driver
-
Kennesaw State football coach Brian Bohannon steps down after 10 seasons amid first year in FBS
-
MLB commissioner Rob Manfred receives four-year extension into 2029
-
Justin Herbert's record-setting new contract is a 'dream come true' for Chargers QB
-
Missouri school board that voted to drop anti-racism resolution might consider a revised version