On September 2, 2024, Nissan Motor's Dubai facility was the latest target of a cyberattack allegedly carried out by the hacker group RansomHub.
The attack reportedly targeted the official Nissan Dubai dealership website, nissan-dubai.com potentially resulting in a data breach of approximately 50GB of sensitive information.
In response to an interview, Nissan has confirmed the breach and is actively collaborating with its partner company to assess the situation and determine the scope of the damage.
However, the company has not stated whether customer information was compromised.
Customers' names, addresses, phone numbers, email addresses, and car ownership records could all be among the sensitive information exposed.
The group behind the attack, RansomHub, claims to have obtained more than half a million confidential client records from Nissan Dubai.
The group reportedly set a ransom deadline of September 8, 2024, threatening to leak the stolen data if their demands are not met.
According to the U.S. government, the RansomHub ransomware group has successfully encrypted and exfiltrated data from over 210 victims since it was established in February 2024.
The breach at Nissan's Dubai facility follows several other cyberattacks against the company in recent months.
In November 2023, Nissan's North American division was hit by a ransomware attack, exposing the personal information of approximately 53,000 employees.
Similarly, in December 2023, Nissan's Oceania division was targeted, compromising the personal information of approximately 100,000 people.
Nissan has stated that they are working closely with the affected partner company in the Middle East to determine the full extent of the breach.
The company is committed to improving its cybersecurity and preventing future incidents.
While it is unclear what data was leaked in this attack, Nissan is urging caution among its customers in the region.