Nissan’s Tokyo-based design subsidiary, Creative Box Inc. (CBI), has launched an investigation into a cyberattack after a ransomware group claimed to have stolen a large cache of internal files. The company confirmed that some design data has been compromised but said the breach affects only Nissan itself, as CBI’s work is exclusively for the automaker.
CBI is a specialized design studio established in 1987 as part of Nissan’s global creative network. Unlike mainstream production teams, the unit is often described as a “think tank” where designers experiment with bold and futuristic concepts. This makes the data stored on its systems particularly valuable, as early sketches, 3D models, and conceptual ideas can reveal strategic directions for future vehicles.
The ransomware group behind the attack alleges it copied more than 400,000 files, amounting to around four terabytes of information. According to their claims, the stolen material includes design files, reports, photos, videos, and other documents connected to Nissan’s projects. While the attackers say they have not released the full dataset yet, they have threatened to make it public if their demands are ignored.
Nissan, in its official statement, confirmed the unauthorized access and the leakage of some design material. “A detailed investigation is underway, and it has been confirmed that some design data has been leaked. Nissan and CBI will continue the investigation and take appropriate measures as needed,” the company said. Importantly, Nissan clarified that the stolen information does not affect external clients, contractors, or other organizations, as CBI serves Nissan alone.
The incident illustrates the growing use of ransomware against global companies. Ransomware is a type of malicious software that enables attackers to lock or steal sensitive data and then demand payment in exchange for restoring access or withholding its public release. Beyond financial loss, the exposure of confidential design material carries strategic risks: competitors, counterfeiters, or malicious actors could exploit these files, potentially weakening Nissan’s competitive edge.
The group behind this incident, known as Qilin, has been active in targeting organizations across different sectors. In recent years, security researchers have observed the gang exploiting vulnerabilities in widely used software tools and network devices to gain unauthorized entry. Once inside, they exfiltrate data before applying pressure with public leak threats. This tactic, known as “double extortion,” has become common in the ransomware infrastructure.
Cybersecurity experts stress that incidents like this serve as reminders for companies to remain vigilant. Timely patching of known software vulnerabilities, close monitoring of employee access tools, and strong data backup practices are among the key defenses against ransomware.
For Nissan, the priority now is understanding the full scope of the breach and ensuring no further leaks occur. As investigations continue, the company has pledged to take corrective steps and reinforce its systems against similar threats in the future.
