Cyber Incident Victim: NIO Inc.
Date: Dec 2022
Location: China
Summary
A cybersecurity incident involving unauthorized third-party sale of user information and vehicle sales data occurred, prompting the affected electric vehicle company to issue a public response. The breach compromised data predating August 2021, leading the organization to establish dedicated communication channels for affected users and assume responsibility for potential losses. The company expressed regret, initiated collaboration with government authorities for investigation, and implemented containment measures while reaffirming its commitment to data security and privacy protection.
Description
On December 20, 2022, NIO Inc., a prominent Chinese manufacturer of premium smart electric vehicles, became aware that unauthorized third parties were selling company-related data on the internet for illegal purposes. The compromised information pertained to user details and vehicle sales records in China dated prior to August 2021. The company promptly acknowledged the breach through an official press release and issued a separate public statement within China to address affected stakeholders. NIO established dedicated communication channels, including a hotline and email address, to field user inquiries about the incident. The automaker explicitly accepted liability for potential user losses stemming from the data exposure, though specific financial or operational impacts were not quantified in available disclosures.

NIO expressed regret over the incident and initiated collaboration with governmental authorities to investigate the breach's origins and scope. While technical details about the attack vector, data exfiltration methods, and exact number of affected users remained undisclosed, the company emphasized implementing measures to mitigate potential damages. No evidence suggested operational disruptions to vehicle production, sales, or battery-swapping services during this period. The response focused on customer support through established channels rather than technical containment procedures. NIO reiterated its commitment to user data security and privacy protections but did not disclose specific enhancements to existing systems or policies following the breach. The incident marked the second cybersecurity event publicly reported by NIO within 2022, though no connection was drawn between this leakage and prior breaches in company statements.
