back to article Nissan infosec in the spotlight again after breach affecting more than 50K US employees

Nissan has admitted to another data loss – this time involving the theft of personal information belonging to more than 50,000 Nissan employees. According to the carmaker's disclosure [PDF], filed with the US state of Maine, Nissan was breached back in November 2023 through "a targeted cyber attack" – as the incident is …

  1. Dan 55 Silver badge

    Connected cars fall into three major types:

    1. Japanese cars: About as clued up as Nintendo when it comes to the Internet, get pwned about 3 times a year.

    2. US cars: They'll sell all your data to anyone and everyone and employees will maybe perv over your videos too.

    3. EU cars: Some privacy figleaf checkbox but are probably still collecting the data anyway.

    It goes without saying that those people who want to disable connected car tracking are acting suspiciously and must be up to no good.

  2. MachDiamond Silver badge

    There has to be more and larger penalties imposed on companies that have these breaches. There has to be a risk to storing data on people. Obviously, they need to have files on their current employees, but why wouldn't it be prudent for the data on people that have left the company be stored in an offline archive to the extent that it needs to be kept? If somebody rejoins the company, there can be a process to make their file active once again by manually carrying it over the air-gap.

    If the risk is high for keeping data, more effort will be put into keeping it secure or getting rid of it if there's no pressing need to have it. Nissan being fined $1mn can be written off as a cost of doing business. If the fine is proportional to the size of the company and the nature of the breach, it can be high enough to sting rather badly and in the most egregious cases, jeopardize the company. Yes, yes, a lot of collateral damage could happen, but it could be just like ripping a sticking plaster off quickly. If Nissan were to be fined out of existence, some company(s) would swoop in and gobble it up. Of course, it would be better for courts to apply more serious penalties well short of that in cases initially just to show it's possible.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like