IN AN indication of the destruction cyber criminals can wreak on the corporate world, Nissan Oceania has only just recovered to a position where it can individually contact an estimated 100,000 of its customers about how its pre-Christmas cyber attack has affected their personal details.

The IT systems of Nissan Motor Corporation and Nissan Financial Services in Australia and New Zealand were penetrated on December 5 last year which not only closed down key data and local IT systems but, the company said, also resulted in some data being stolen and published on the dark web.

The dark web is an online space where criminals gather to transact in illicit intelligence and malfeasance and to trade in illegally-obtained personal data.

Since December, the company has been progressively restoring its various IT business systems and impaired communications centres.

Nissan Oceania has now announced that it has begun contacting individuals in relation to what it calls a “cyber incident” that has affected its local businesses.

The company said in a statement: “On December 5 2023, a malicious third party obtained unauthorised access to our local IT servers. 

“We took immediate action to contain the breach, and promptly alerted the relevant government authorities, including the Australian and New Zealand national cyber security centres and privacy regulators.

“Since that time, Nissan has been working urgently with government authorities and external cyber forensic experts to review the compromised data and understand the impact on individuals within our community.

“We now know the list of affected individuals includes some of Nissan’s customers (including customers of our Mitsubishi, Renault, Skyline, Infiniti, LDV and RAMS branded finance businesses), dealers, and some current and former employees.”

The company said that it expects to formally notify approximately 100,000 individuals about the cyber breach “over the coming weeks”. It said this number may reduce as contact details are validated and duplicated names are removed from the list.

“The type of information involved will be different for each person,” the company said. 

“Current estimates are that up to 10 per cent of individuals have had some form of government identification compromised. The data set includes approximately 4,000 Medicare cards, 7,500 driver’s licences, 220 passports and 1,300 tax file numbers.

“The remaining 90 per cent of individuals being notified have had some other form of personal information impacted; including copies of loan-related transaction statements for loan accounts, employment or salary information or general information such as dates of birth.

“We know this will be difficult news for people to receive, and we sincerely apologise to our community for any concerns or distress it may cause.

“We are committed to contacting affected individuals as soon as possible to tell them what information was involved, how we are supporting them, and the steps they can take to protect themselves against the risk of harm, identity theft, scams or fraud.

Support and guidance for affected individuals

Nissan has put in place a number of services to support individuals who have had personal information compromised. This includes access to IDCARE, free credit monitoring, and reimbursement where the replacement of government ID is recommended by the relevant issuing authority.

Nissan is also offering affected customers, at no cost, a variety of recovery and preventative services in the areas of identity theft and fraud and will also pay for the cost of replacing customers’ identity documents.

The following measures will be available depending on a person’s individual circumstances:

• IDCARE: We have partnered with IDCARE, Australia and New Zealand’s national identity and cyber support community service. IDCARE’s expert case managers will work with impacted individuals to address any concerns about risks to their personal information, and any instances where they think information might be misused. IDCARE’s services are available at no cost to those affected by the cyber incident.
• Equifax: In Australia, we are providing free access to Equifax credit monitoring services for 12 months to watch for any fraudulent activity.
• Centrix: In New Zealand, we are providing customers with free access to Centrix to assist with the provision of a credit report and placement of a credit freeze on their credit file.
• ID replacement: Where someone’s primary identity documents have been compromised, and the advice from the issuing government agency is to replace the document, Nissan will reimburse the cost of the replacement.
• Customer support line: We have established a dedicated customer support line which can be contacted between 7am and 7pm AEDT weekdays on:
  • Australia 1800 958 000
  • New Zealand 0800 44 50 14

Additional advice to protect against identity theft, scams or fraud:

In addition to the above measures, Nissan said it was encouraging everyone to take the following steps:

• Be vigilant for any unusual or suspicious online activity.
• Avoid clicking on any links or opening any suspicious emails or attachments.
• Be vigilant for any unrecognised or unsolicited telephone calls, emails or messages asking you to provide personal information.
• Always verify the sender of any communications received to make sure they’re legitimate.
• Update your passwords regularly, using ‘strong’ passwords and not re-using passwords for multiple accounts.
• Enable multi-factor authentication for your online accounts where available.
• Report a scam in Australia by visiting Scamwatch.