Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI).
This came in response to the Qilin ransomware group's claims that they had stolen four terabytes of data from CBI, including 3D vehicle design models, internal reports, financial documents, VR design workflows, and photos.
"On August 16, 2025, suspicious access was detected on the data server of Creative Box Inc. (CBI), a company contracted by Nissan for design work," stated a Nissan spokesperson to BleepingComputer.
"CBI immediately implemented emergency measures, such as blocking all access to the server, to mitigate the risk, and also reported the incident to the police."
CBI is a Tokyo-based design studio, wholly owned by Nissan Motor Co. Ltd., established as a "think tank" that focuses on experimental and concept vehicle designs.
Qilin ransomware added CBI on its extortion portal on the dark web on August 20, 2025, claiming to have stolen all design projects and threatening to make them public, giving competitors an edge.
The threat actors also published 16 photos of the stolen data as evidence of their claims, which depict 3D car designs, spreadsheets, documents, and car interior images.
Nissan CBI listed on the Qilin extortion portal
Source: BleepingComputer
Nissan states that an investigation into the incident is currently underway, but it has already verified a data breach.
... continue reading