Nissan Targeted in Dark Web Data Leak Threat by Everest Ransomware Gang
Nissan Motor Corporation was listed on the dark web on January 10, 2026, by the Everest ransomware gang, which claims to have exfiltrated 900 gigabytes of sensitive data. The threat actors warned that the stolen files, including 60,000 text files, 17,000 CSV files, and 78,000 ZIP archives, would be published in four days unless a ransom is paid.
Samples posted by Everest reveal business-related data, such as marketing and sales records, dealer orders, validation reports, warranty analysis, and communications. Many files appear tied to Nissan’s Canadian operations, referencing dealerships for both Nissan and Infiniti, though some U.S.-based dealer names were also identified. Nissan has not yet issued a public statement on the incident.
Everest, a Russian-speaking cybercriminal group active since 2020, has shifted from traditional ransomware attacks to initial access brokering and data extortion. The group has previously targeted high-profile victims, including the 2021 Colonial Pipeline attack, and is known for exploiting weak credentials, insider recruitment, and remote access tools.
The Nissan breach follows Everest’s recent claims against Chrysler, where the gang alleged the theft of 1,088 gigabytes of data, including personal and contact information of individuals, agent work logs, and vehicle status records. Chrysler reportedly failed to respond before the deadline, leading to the data’s release. Additionally, Everest recently claimed a breach of ASUS, which the company confirmed stemmed from a compromised supplier, though it denied impact on internal systems or user privacy.
No connection between the Chrysler breach and the 2025 Stellantis incident has been confirmed. Nissan has not responded to requests for comment.
Nissan Motor Corporation cybersecurity rating report: https://www.rankiteo.com/company/nissan-motor-corporation
"id": "NIS1768273584",
"linkid": "nissan-motor-corporation",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Automotive',
                        'location': 'Global (primarily Canada and US '
                                    'operations mentioned)',
                        'name': 'Nissan Motor Corporation',
                        'type': 'Corporation'}],
 'attack_vector': 'Initial access via weak/stolen credentials, insider '
                  'recruitment, or remote access tools',
 'data_breach': {'data_exfiltration': 'Yes (900 GB of data exfiltrated)',
                 'file_types_exposed': ['txt', 'csv', 'zip'],
                 'sensitivity_of_data': 'High (business-sensitive information)',
                 'type_of_data_compromised': ['Business data',
                                              'Dealer information',
                                              'Marketing and sales data',
                                              'Warranty analysis',
                                              'Validation reports']},
 'date_detected': '2026-01-10',
 'date_publicly_disclosed': '2026-01-10',
 'description': 'Nissan Motor Corporation was listed on the dark web by the '
                'Everest ransomware gang, which is threatening to publish '
                'allegedly stolen data if ransom payment is not made. The '
                'threat actor claims to have exfiltrated 900 gigabytes of '
                'data, including business-related files such as marketing, '
                'sales, dealer orders, and warranty analysis.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data exposure',
            'data_compromised': '900 GB of data, including 60,000 txt files, '
                                '17,000 csv files, 31,000 zip files, and '
                                '47,000 zip files',
            'identity_theft_risk': 'Potential risk due to exposure of business '
                                   'and possibly personal data'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (threatened to '
                                                    'publish data)',
                           'entry_point': 'Weak/stolen credentials, insider '
                                          'recruitment, or remote access '
                                          'tools'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (ransom demand)',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2026-01-10', 'source': 'Cyber Daily'}],
 'threat_actor': 'Everest Ransomware Gang',
 'title': 'Nissan Motor Corporation Data Breach by Everest Ransomware Gang',
 'type': 'Ransomware'}