In a recent development following the major data breach at Nissan last year, the Japanese automaker has provided a new update on the cybersecurity incident that exposed the Social Security numbers of thousands of former and current employees. The company shared details of the cyberattack in a letter sent on May 15, 2024, revealing that Nissan North America was the target of the attack. It was disclosed that a threat actor had breached the company’s virtual private network and demanded payment, although Nissan has not confirmed whether they complied with the ransom demands.

The letter stated that approximately 53,000 employees were affected by the data breach. Upon discovering the breach, Nissan immediately notified law enforcement and engaged cybersecurity experts to contain and neutralize the threat. An internal investigation was also conducted, and employees were informed during a town hall meeting held in December 2023, a month after the cyberattack occurred.

To mitigate any potential harm caused by the breach, Nissan has taken proactive measures to protect the affected individuals. The company is offering complimentary identity theft protection services for two years to those impacted by the incident, demonstrating its commitment to safeguarding employee privacy. Nissan emphasized its dedication to strengthening its security infrastructure and practices by implementing additional security measures and enlisting cybersecurity specialists to conduct a detailed review for enhanced protection against future threats.

Despite the breach, Nissan has not reported any instances of fraud or identity theft resulting from the incident. However, affected individuals are advised to take advantage of the complimentary credit monitoring services provided by Experian IdentityWorks as a precautionary measure. In addition to the identity protection service, Nissan is also offering proactive fraud assistance to assist individuals with any questions or concerns related to fraud, provided by Experian, a company specializing in fraud assistance and remediation services.

Recipients of the identity protection service are instructed to enroll by a specified deadline and utilize the provided activation code. They are also encouraged to remain vigilant against potential fraud by monitoring their credit reports and reporting any suspicious activity promptly. Assistance for enrolling in the complimentary credit monitoring services is available for 90 days from the date of the letter, with a dedicated helpline provided for further inquiries.

Nissan reiterated its commitment to employee welfare and the importance placed on protecting personal information, expressing regret for any inconvenience caused by the incident. The letter was signed by Leon Martinez, Vice President of Human Resources, and William Orange, Vice President of IS/IT and Chief Information Officer, underscoring the seriousness with which the company regards cybersecurity and data protection.

As Nissan continues to address the aftermath of the data breach and enhance its security measures, the company remains focused on ensuring the safety and security of its employees and customer data. The proactive steps taken in response to the cyberattack demonstrate Nissan’s commitment to transparency, accountability, and protecting the privacy of those affected by the breach.

Source link