Nissan said that it detected an intrusion into its global information systems network, resulting in the placement of malware on the network and the loss of employee user account credentials.
“We believe that [employee] user IDs and hashed passwords were transmitted. We have no indication that any personal information and emails have been compromised. Regardless, we are continuing to take appropriate precautionary measures”, said Andy Palmer, executive vice president of Nissan, in a statement.
Nissan did not disclose the number of employees affected by the data breach.
Under Amour admitted that an unencrypted thumb drive was lost containing employee payroll information on it, including names, social security numbers, and salary. The thumb drive was lost when it was mailed to its auditing firm PricewaterhouseCoopers, according to an internal memo obtained by the Dayton Daily News.
“PwC is committed to protecting its clients’ confidential information and is working closely with its client to provide protective safeguards to those individuals whose information was lost”, said Jude Curtis, PwC’s chief ethics and compliance officer, in a statement quoted by the newspaper.
About the breaches, Jeff Hudson, chief executive officer of Venafi, commented: “The Under Armour and Nissan breaches, where unencrypted employee personal information is missing and account credentials were stolen, demonstrate that data encryption is more than just a best practice-it’s become an indispensable information security defense.”