Some data linked to users’ personal privacy of Chinese new energy vehicle maker NIO was stolen by criminal gangs. Those responsible for the theft then sent threatening posts in the firm’s official user community asking for huge sums of money before the private information would be returned. The leaked data involves internal employees, some vehicle owners’ ID information and addresses, NIO‘s user registrations and others. Regarding this, Long Lu, the Chief Scientist and Global Head of Digital Safety & Security at NIO, issued a statement on December 20 and confirmed the incident.
The statement said that on December 11, 2022, NIO received an external email in which the sender claimed to have the company’s internal data and demanded $2.25 million in Bitcoin. After receiving the blackmail threat, the company immediately set up a special team to investigate and reported the incident to authorities. After a preliminary investigation, the stolen data is believed to be the basic information of some users and vehicle sales before August 2021.
NIO apologized for the impact of this incident on users and promised to take responsibility for the losses caused to users. It will cooperate with law enforcement departments to investigate the incident in depth and is determined to crack down on related data theft and trading according to law.
The company further stated that it indeed has the responsibility and obligation to use all means necessary to protect users’ information security. After the incident, it investigated and strengthened the company’s network information security to avoid a recurrence of such incidents.
It is worth mentioning that it is not clear what the actual proportion of “affected users” is. From January to July 2021, NIO delivered a total of 49,887 vehicles, 43,728 vehicles in 2020, 20,565 in 2019 and 11,348 in 2018.