From Dell to Nissan: Protecting Your Data Against Multi-Million Dollar Threats 

Businesses run on data. Whether it’s using customer data to drive new innovations and sales campaigns or leveraging internal data for workplace optimization and future product designs – all of this information helps make business decisions and improve operations. However, it also creates a tempting target for attackers who also see its value. 

On average, a data breach costs organizations $4.45 million to resolve. This includes everything from correcting the problem that caused the breach to paying fines and associated legal fees. Of course, this is just for the average breach. In recent breaches, such as the attacks against Dell and Nissan, where large quantities of sensitive data were exposed, the costs are likely to run much higher.

In this article, we explore these breaches, how they occurred, and ways to prevent your organization from becoming a victim of future attacks. 

Losing Sensitive Data in Unexpected Ways

Sensitive data can escape through unexpected paths, not just emails or open file shares. The recent breaches at Dell and Nissan did not involve traditional pathways of data loss but exposed APIs and externally facing VPNs. Traditional DLP (data loss prevention) technologies focus on the more common vectors of data loss, while allowing sensitive data to flow uninhibited through others. Effective measures must integrate real-time detection and response to stop threats before data leaves rather than driving alerts after they happen. 

What You Need to Know About the Dell Breach

In the first attack, hackers exploited Dell’s API to register fake partner accounts to extract customer data. Once attackers knew the API had an exploitable vulnerability, they continuously brute-forced it over the course of weeks without raising alerts from Dell’s security infrastructure. They continued this process until they exposed 49 million customer records, including names, addresses, and order details. 

Attackers can exploit the data exposed by the Dell breach to conduct phishing or targeted scams. With access to names, addresses, and order details, criminals can craft compelling phishing emails that appear legitimate, tricking recipients into providing additional sensitive information. 

In more extreme cases, knowing what products customers purchase and where they reside, including business locations, also allows thieves to plan targeted thefts. They can break into homes or businesses to steal high-value items they know are present, further leveraging the compromised data for malicious gain.

Timeline of the Dell Attack

• Early Phase: Hackers register fake partner accounts.
• Week 1: Hackers begin brute-force attacks on service tags, gaining access to Dell’s internal systems.
• Weeks 2-3: Hackers extract data from the customer records database.
• Week 4: Dell is notified of the breach and investigates.
• Week 5: Dell discloses the breach publicly.

Had this prolonged data extraction been detected earlier, the damage could have been significantly reduced. 

What You Need to Know about the Nissan breach

In December 2023, Nissan Oceania experienced a significant data breach conducted by the Akira ransomware group, exposing the sensitive data of 100,000 individuals. The compromised information included government IDs, loan documents, and employment information, which the attackers stole and encrypted. 

In November 2023, Nissan North America also faced a ransomware attack exploiting an external VPN vulnerability. The attack affected 53,000 employees’ personal information, such as names and social security numbers. Once inside, attackers were able to run wild, stealing this sensitive data and exposing deficiencies in their data permissions. 

Attackers can use the stolen data for various malicious purposes. With access to government IDs, loan documents, and employment information, they can engage in identity theft and financial fraud. The detailed personal and employment data can also facilitate targeted scams, as criminals can personalize their attacks to increase success rates. 

Timeline of the Nissan Attacks

• November 2023: Initial attack on Nissan North America, exploiting an external VPN vulnerability.
  • Early November 2023: Attackers gain access to the personal information of 53,000 employees.
  • Mid-November 2023: Nissan North America identifies the breach and starts mitigation efforts.
• Early December 2023: Akira ransomware group infiltrates Nissan Oceania’s systems.
• Mid-December 2023: Attackers begin encrypting and stealing data, focusing on government IDs, loan documents, and employment information.
• Late December 2023: Nissan Oceania responds to the breach, containing the attack and notifying affected individuals.

In combination, these attacks exposed a significant quantity of sensitive data for employees. 

How to Protect Private Data Where It Resides

As devastating as these breaches are, there are ways to prevent similar attacks in the future. Data Detection and Response (DDR) provides proactive, real-time threat neutralization, essential for safeguarding unstructured data such as emails, documents, and files. By adapting to modern cyber threats, DDR ensures continuous data protection while integrating seamlessly with existing security infrastructures. This integration enhances security posture by reducing false positives and negatives, allowing for more accurate threat detection and response. 

Sanitizing Sensitive Data

Data Detection and Response can use several techniques, including masking, to detect and neutralize sensitive data before it crosses organizational boundaries, whether on-premises or in the cloud. Via anonymization, DDR can remove identifiable information, making the data unusable to unauthorized parties. Tokenization replaces sensitive data with non-sensitive equivalents, maintaining data utility while ensuring security. Data masking obscures sensitive information within data sets to prevent unauthorized access – allowing for de-masking when necessitated.

As demonstrated in the Nissan attack, malware can lead to significant data losses. To combat this, advanced DDR systems can incorporate Content Disarm and Reconstruction (CDR) and Antivirus (AV) to proactively remove potentially malicious code from files. Stopping the threat adds another layer of protection to ensure that shared data cannot start a chain reaction infection and lead to the loss of sensitive data. 

Votiro Safeguards Your Data

Organizations like Dell and Nissan don’t need to become statistics for hemorrhaging massive volumes of sensitive data. Votiro’s Zero Trust DDR integrates with existing infrastructure to proactively defend against file-based threats and manage real-time privacy and compliance – essentially stopping trouble before it can even start.

Votiro DDR prevents data leaks and breaches by sanitizing sensitive data as it crosses organizational boundaries through file sharing, emails, collaboration, and more. It detects sensitive information in structured and unstructured data in real-time, masking information based on organizational rules to prevent data leaks, while keeping security teams in full control of their defenses. 

To learn more about Votiro’s Data Detection and Response capabilities, sign up for a one-on-one demo of the platform or try it for 30 days and see how Votiro can proactively defend your organization from becoming another headline.