Nissan Settles $1.5M Over 2023 Phishing Attack Exposing 50,000 Employees’ Data
Nissan North America has agreed to a $1.5 million settlement following a November 2023 phishing attack that compromised the personal data of over 50,000 employees. While the company denies wrongdoing, the breach stemmed from a cybersecurity lapse that plaintiffs allege could have been prevented with stronger safeguards.
Affected individuals those who received breach notification letters may qualify for compensation or protective services under the settlement. Eligible claims include reimbursement for "ordinary" losses (up to $450 for expenses like bank fees or travel) or "extraordinary" losses (up to $4,500 for fraud or identity theft, with supporting documentation). Those without documented losses can claim up to $100, though payouts may be reduced if claims exceed the settlement fund.
Additionally, all impacted employees can receive two years of free credit monitoring, including single-bureau tracking and $1 million in identity theft insurance. Workers who previously enrolled in Nissan’s credit monitoring will have their coverage extended by two years.
To participate, claimants must submit a valid form by May 26, 2026, with evidence of losses if applicable. The deadline to opt out or object is April 24, 2026, and final court approval is set for June 1, 2026. The settlement resolves allegations that Nissan’s cybersecurity failures violated privacy rights.
Source: https://www.the-sun.com/motors/16076115/nissan-data-breach-settlement-pay-out-claim/
Nissan Motor Corporation cybersecurity rating report: https://www.rankiteo.com/company/nissan-motor-corporation
"id": "NIS1773527048",
"linkid": "nissan-motor-corporation",
"type": "Breach",
"date": "11/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '50,000 employees',
'industry': 'Automotive',
'location': 'North America',
'name': 'Nissan North America',
'type': 'Corporation'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Affected individuals may qualify for compensation or '
'protective services under the settlement',
'data_breach': {'number_of_records_exposed': '50,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'Personal data'},
'date_detected': '2023-11',
'description': 'Nissan North America has agreed to a $1.5 million settlement '
'following a November 2023 phishing attack that compromised '
'the personal data of over 50,000 employees. The breach '
'stemmed from a cybersecurity lapse that plaintiffs allege '
'could have been prevented with stronger safeguards.',
'impact': {'data_compromised': 'Personal data of over 50,000 employees',
'financial_loss': '$1,500,000',
'identity_theft_risk': 'High',
'legal_liabilities': 'Allegations of privacy rights violations'},
'post_incident_analysis': {'corrective_actions': 'Settlement includes '
'compensation and credit '
'monitoring for affected '
'employees',
'root_causes': 'Cybersecurity lapse, alleged lack '
'of stronger safeguards'},
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Settlement resolves allegations '
'of privacy rights violations'},
'response': {'communication_strategy': 'Breach notification letters sent to '
'affected individuals',
'enhanced_monitoring': 'Two years of free credit monitoring, '
'including single-bureau tracking and $1 '
'million in identity theft insurance'},
'title': 'Nissan Settles $1.5M Over 2023 Phishing Attack Exposing 50,000 '
'Employees’ Data',
'type': 'Phishing Attack'}