It is learned on December 21 from Radar Finance, on December 20, the news that NIO user data was stolen and blackmailed exploded on the Internet.
It is understood that the NIO data stolen this time is some basic user information and vehicle sales information before August 2021. The target of extortion proposed by the other party to NIO users is 2.25 million USD equivalent in Bitcoin. NIO has set up a special team to investigate and respond, and reported the incident to the relevant regulatory authorities as soon as possible.
After the incident, NIO conducted investigations and strengthened the company’s network information security to avoid the recurrence of such incidents. NIO promised to take responsibility for the losses caused to users due to this incident, and apologized for this incident. NIO stated that stealing and buying and selling such data is an illegal and criminal act, and the company severely condemns this, and will never bow to cybercrime.
According to Lu Long, NIO’s chief information security scientist and head of the information security committee, in the NIO official community, this incident does not involve the data generated during the use of the vehicle, such as driving trajectory, cockpit data, etc., and will not affect the security of the vehicle. ride-on or remote control. Further investigation into the cause and extent of the data breach is ongoing.
Many car factories have had user data leaks
In fact, in today’s Internet age where data is flooding, it is not uncommon for car companies to have cases related to data security.
As early as July 2017, according to the New York Times, a security researcher from the network security company UpGuard revealed that more than 100 vehicle enterprise including General Motors, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and Volkswagen enterprise, whose confidential data was exposed on Level One Robotics’ public servers.
In June last year, the data of another 3.3 million customers of Volkswagen, one of the auto industry giants, was leaked. The reason for the data breach was that a supplier left customer data “unprotected” on the Internet between August 2019 and May 2021, including the names, addresses and phone numbers of customers and potential buyers.
In December last year, Volvo Cars was also caught in a data breach. At the time, Volvo Cars said it had launched an investigation into a cybersecurity breach and the theft of some research and development data. Investigations to date have confirmed that some of the company’s research and development assets were stolen during the hack, which could have had an impact on the company’s operations.
In October this year, the Japanese car brand Toyota Motor staged a similar incident. Toyota said that about 296,000 customer information in its T-Connect service may have been leaked. The affected customers are all individual users who have registered with the service website using their email addresses since July 2017.
Zhang Xiang, dean of the New Energy Vehicle Technology Research Institute of Jiangxi New Energy Technology Vocational College, told Radar Finance that at present, car companies generally have a large amount of data. With the continuous development of smart cars, smart cars have more data than traditional cars. For these data, the general practice in the industry is to store them in the cloud rather than locally. Because of cloud storage, the cost is lower, the security is better, and the efficiency is higher, but it also brings certain security risks. If car companies want to increase the security level of data, they usually need to pay higher fees.
“For hackers, their malicious data attacks on car companies mainly want to obtain an illegal profit through extortion. As for how to avoid the leakage of car usage data, in fact, car companies cannot do 100% avoidance. Car companies can only improve the security level as much as possible, increase the attack cost of hackers, make it more difficult for hackers to attack user data, and then voluntarily give up the attack,” Zhang Xiang further added.
According to Radar Finance, at present, domestic laws and regulations are constantly improving on the protection of automobile data security, such as the introduction of “Several Regulations on Automobile Data Security Management (Trial Implementation)”, “Information Security Technology Safety Requirements for Collecting Data from Networked Vehicles”, “Guiding Opinions on Further Strengthening the Safety System Construction of New Energy Automobile Enterprises” and other related documents.
These documents put forward more requirements for car companies to improve their network security protection systems, requiring car companies to strengthen network security protection, strengthen data security protection, and implement personal information security protection.