Nissan Data Breach Lawsuit Says Info of At Least 53K Current, Former Employees Exposed in Cyberattack

New to ClassAction.org? Read our Newswire Disclaimer

Nissan North America faces a proposed class action lawsuit over a data breach in which the personal information of at least 53,000 current and former employees of the automaker was accessed by cybercriminals.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 36-page Nissan data breach lawsuit says the information compromised in the incident may have included Social Security numbers, dates of birth and employee ID numbers, a virtual “gold mine for data thieves.”

Per the case, Nissan failed to notify data breach victims until nearly six months after it discovered the incident.

“As a result of the Data Breach, Plaintiffs and Class Members have experienced and/or are at a substantial and imminent risk of experiencing identity theft and various other forms of personal, social, and financial harm,” the Nissan data breach class action says. “This risk will remain for their respective lifetimes.”

Nissan reportedly discovered a “data security incident” on or around November 7, 2023, during which an unauthorized party gained access to the automaker’s network and files housed within its computer systems, the case states. Per the suit, Nissan has given no assurance that the data accessed during the cyberattack has been recovered or destroyed or that it has properly bolstered its cybersecurity to avoid a similar data breach in the future.

“By obtaining, collecting, using, and deriving a benefit from its employees’ Private Information, Nissan assumed legal and equitable duties and knew or should have known that it was responsible for protecting Plaintiffs’ and Class Members’ Private Information from unauthorized disclosure and exfiltration,” the lawsuit stresses.

According to the case, Nissan began to send data breach notice letters to victims on or around May 15 of this year, noting that the cyberattack saw an “unauthorized actor” gain access to its systems and ultimately copy the private information of thousands of current and former employees. 

“It is clear that the data thieves carried out this attack in order to either use the Private Information themselves for nefarious purposes, or to sell it on the dark web,” the suit posits.

The lawsuit contests that the automaker knew or should have known that the electronic records in its care would be targeted by cybercriminals yet “failed to take the necessary precautions” to protect consumers’ data.

The case calls Nissan’s response to the data breach “particularly paltry” given that it has offered victims merely 24 months of credit monitoring.

The Nissan data breach lawsuit looks to cover all persons in the United States who were impacted by the data breach, including all those who received a notice about the incident.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.