A recent media statement issued by Nissan Vice President Andy Palmer has exposed a cyber crime ring that could have led to the theft of customer and employee data. Technicians have determined that no sensitive data was accessed, but Nissan’s system security was compromised. Malware was discovered April 13 on Nissan’s master network.
Hacking employees’ accounts
The hackers involved in the cyber attack managed to place malicious software within Nissan’s network that, given time, could have accessed a data store containing employee account credentials, noted Palmer. While employee user IDs and obscured passwords were transmitted during the hacking incident on April 13, Palmer maintained that Nissan is not currently concerned that any personal data was extracted by hackers.
Palmer admitted that Nissan waited to disclose the occurrence of the cyber attack until details regarding potential damages were assessed. He also assured those concerned that Nissan’s system has been properly secured since the cyber attack occurred.
“(Nissan’s) information security team confirmed the presence of a computer virus on our network and immediately took aggressive actions to protect the company’s systems and data,” he said. “As a result of our swift and deliberate actions, we believe that our systems are secure and that no customer, employee or program data has been compromised.”
Nissan cyber attack not unique
Former U.S. security chief Richard Clarke told Smithsonian Magazine last month that cyber attacks against major corporations are not uncommon.
“I think the evidence is pretty strong,” said Clarke. “Every major company in the United States has already been penetrated by China.”
Clarke warned that Chinese-made computer equipment sold in the U.S. may also be contaminated with “logic bombs” and other holes through which hackers can conduct cyber crime. As cyber espionage is in many cases state-sponsored in China, safeguards don’t exist.
Nissan has not pinpointed the source of the cyber attack, and the company recognizes that the hacking activity may have been relayed through servers in an entirely separate country.
Cyber crime costs business up to $20 billion annually
Scott Borg, the chief economist of the independent, non-profit U.S. Cyber Consequences Unit estimates that cyber crime costs corporations $6 billion to $20 billion each year. That accounts for both intellectual property losses and lost business opportunities, notes The Detroit Bureau.
Tracking the hackers
Palmer promised that Nissan will continue to track the hackers back to their source.
“(We will) vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats. Our focus remains on safeguarding the integrity of employee, consumer and corporate information.”