Hackers breach Chinese automaker Nio

And they're demanding $2.3 million

Chinese electric automaker Nio suffers data breach

Image:
Chinese electric automaker Nio suffers data breach

Shanghai-based electric vehicle maker Nio has revealed that cybercriminals have stolen user and sales data, and are asking for about $2.3 million in Bitcoin to keep the information a secret.

The attackers sent Nio a blackmail message on 11th December, in which they claimed to have exfiltrated internal data from the company's systems.

According to Nio's findings, the stolen data included basic user details and vehicle sales information gathered before August 2021.

The company has reported the incident to regulators, apologised to affected users and promised to take responsibility for any user losses as a result of the incident.

The company said it 'strongly condemns such unlawful acts and will not bow down to cyber crimes.' Nio is now working with law enforcement to investigate the breach, and has so far refused to pay the blackmail demand.

This is the second security incident involving cryptocurrencies Nio has encountered this year. In April the company revealed that one of its server managers had spent more than a year mining Ether, the second-largest cryptocurrency after Bitcoin.

A vulnerable sector

A wave of cyberattacks have forced the auto industry to spend billions of dollars to improve its data protection systems in recent years.

Last month Continental, a German manufacturer of tyres and automotive components, said some of its data had been stolen as a result of a cyberattack in August.

Hackers stole a total 40TB of data, including information on budgetary and investment plans, customer data and information on strategy. The stolen information may include data relating to customers of Volkswagen Group, Mercedes-Benz, and BMW Group.

In an update on 12th December, Continental said its investigation had revealed that 'the attackers gained access to Continental's systems using disguised malware run by an employee'.

Last month, the hacker collective known as LockBit was offering a large amount of Continental's stolen data for sale for $50 million.

The hackers also posted what appeared to be messages exchanged between them and the company's officials, indicating that negotiation talks had failed.