NIO’s database has recently been breached by an unidentified hacker demanding $2.25 million worth of bitcoin. However, the company has come out to downplay the incident, stating that only ‘basic user and vehicle sales information before August 2021 was breached.
According to the company, it received an email from the hacker on December 11 claiming to have the automaker’s data and requesting $2.25 million worth of Bitcoin. The company claims it immediately set up an investigation team and reported the matter to government agencies.
From the investigation, the company deduced that information of users and vehicle sales in China before August 2021 were sold on the internet by third parties for illegal purposes.
Furthermore, NIO has set up a dedicated hotline and email address to respond to users’ queries regarding the data leakage.
A statement said that the company has also undertaken responsibility for the loss that the users may incur in connection with the data leakage. The company reaffirms that it wouldn’t pay the ransom stating that “Stealing, buying and selling such data is illegal, which the company severely condemns, and will not bow to cybercrime.”
“We will learn from the lessons and strengthen our technical strength to continuously improve the security protection of NIO’s information systems to fully protect the information security of our users,” the statement said.
This is not the first time NIO has been embroiled in a cryptocurrency and data security matter. In April 2022, the manufacturer claimed in an internal memo that one of its staff, a server manager, had used the company’s servers to mine Ethereum for over a year. The document stated that the act was not only illegal, considering China’s ban on crypto mining, but was “negatively impacting the company’s system security and business information security.”
The system admin, named Zhang, admitted to the act, but it wasn’t clear if he was relieved of his job at the time.
Sources: NIO, Weibo