Chinese smart electric vehicle (EV) start-up Nio said on Wednesday it was being blackmailed by hackers who have stolen user and vehicle sales data and are asking for US$2.25 million in bitcoin as ransom.
“Nio deeply regrets that this incident happened and is doing everything possible to support its users,” William Li Bin, Nio’s founder, CEO and chairman, said in a filing to the Hong Kong stock exchange.
Shanghai-based Nio issued a statement in Chinese late on Tuesday on its own community app explaining that the company had received an email on December 11, in which the sender claimed to have access to Nio’s internal data. They were also demanding US$2.25 million in bitcoin in return for not releasing this data.
“An internal investigation revealed that part of Nio’s user and vehicle sales information prior to August 2021 had been compromised,” Lu Long, the company’s chief information security scientist and head of its information security committee, said in Tuesday’s statement. “The company strongly condemns such unlawful acts and will not bow down to cybercrimes.”
The carmaker said it had reported the incident to regulators and will work with the authorities to investigate it.
“Once targeted by hackers, companies do not have many options. They can either agree to whatever the hackers ask for, which could cost them a lot, or report the incident to authorities, which may again damage their brand and could cost them some potential buyers in the future,” said David Zhang, a visiting professor at the engineering department of Huanghe Science and Technology University.
Nio said it had set up a hotline and email to respond to users’ queries about the data-hacking incident. The company had also undertaken the responsibility for any losses that users might incur in connection with the data leak, Li said in the stock-exchange filing.
The automobiles industry, and smart carmakers in particular, have reported many data security concerns recently. German tyre maker Continental, for example, revealed in November that it had lost 40 terabytes of data during a cyberattack it reported in August.
In February, a German teenager said he had identified a vulnerability in TeslaMate, a third-party app that some Tesla owners install in their vehicles. The app allowed the hacker to open doors and turn on the headlights in about 25 Tesla cars.
“Data security protection will become a big spending category for EV makers in the future, as smart cars lean heavily on software and data,” said Huanghe Science and Technology University’s Zhang.
The ministry of industry and information technology, China’s top telecommunications and software sector regulator, last year called for carmakers to bolster their data protection practices. It requires that personal information and important data collected and generated within China be stored within the country.
Shares of Nio rose 0.41 per cent to HK$86.7 on Wednesday morning in Hong Kong. The benchmark Hang Seng Index had risen 0.1 per cent to 19,112.64.
Keyword: Chinese EV maker Nio is being blackmailed by hacker for US$2.25 million in bitcoin after data breach