Pierluigi Paganini December 07, 2023

Japanese carmaker Nissan announced it has suffered a cyberattack impacting the internal systems at Nissan Oceania.

Nissan Oceania, the regional division of the multinational carmaker, announced it had suffered a cyber attack and launched an investigation into the incident. Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.

Nissan Oceania refers to the regional operations of the Nissan Motor Company in the Oceania region, which includes Australia and New Zealand.

Nissan, a Japanese multinational automaker, operates globally, and its regional divisions manage business activities in specific geographic areas.

“The Australian and New Zealand Nissan Corporation and Financial Services (“Nissan”) advises that its systems have been subject to a cyber incident. Nissan is working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.” reads the statement published by the company on its website.

The company did not share details about the attack or its scope.

Nissan recommends customers be vigilant and look out for any suspicious or scam activities.

Nissan said it is still working to restore its systems and plans to provide updates through its websites nissan.com.au and nissan.co.nz.

The problems suffered by the company suggest that its systems were infected with ransomware.

The carmaker warned that some dealer systems will be impacted despite local dealerships continue to operate.

In January 2021, a misconfigured Git server caused the leak of the source code of mobile apps and internal software used by Nissan North America. The software engineer Tillie Kottmann was informed by an anonymous source that the Git server was exposed online and accessible to anyone using the default login credentials admin/admin.

In December 2017, Nissan Finance Canada was hacked, personal information of 1.13 million customers may have been exposed as a result of a data breach discovered by the company on December 11 (The biz took 10 days to disclose the incident).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, automative)