Nissan has confirmed that employee information was exposed after attackers exploited a zero-day vulnerability in Oracle PeopleSoft. The automaker is among hundreds of organizations affected during a campaign linked to the ShinyHunters extortion group.
The attacks occurred between May 27 and June 9, before Oracle released emergency mitigations for the vulnerability later identified as CVE-2026-35273. Oracle and cybersecurity firm Mandiant said more than 100 organizations were notified after investigators confirmed active exploitation.
Nissan said the breach may have affected current and former employees across the United States, Canada, Mexico, and Brazil, with employee and payroll records among the information under review. The automaker said it has contained the affected systems and is continuing its investigation with outside cybersecurity support while adding protections around payroll access.
Why It Matters: Nissan is one of the latest organizations to disclose a breach tied to the Oracle PeopleSoft attacks, adding another confirmed victim to a campaign that affected organizations across multiple industries. As investigations continue, each disclosure helps establish how widely the attacks spread.
- PeopleSoft Supports Critical Business Operations: Oracle PeopleSoft is widely used to manage payroll, tax administration, benefits, and personnel records. Because these functions support daily business operations, disruptions can affect payroll processing, employee self-service, identity verification, and administrative workflows while organizations investigate potential exposure.
- The Zero-Day Triggered a Multi-Organization Response: Threat actors exploited CVE-2026-35273 before Oracle released emergency mitigations, compromising vulnerable PeopleSoft environments between May 27 and June 9. Oracle later informed customers that personnel records from hundreds of organizations may have been obtained, while Mandiant notified more than 100 organizations after confirming active exploitation.
- Employee Records Extended Beyond Basic HR Data: Nissan said the compromised information may include employee contact details, payroll and banking records, tax information, government-issued identification numbers, and dependent or beneficiary data. When these records are stored together, a single compromise can expose multiple aspects of an employee’s personal and financial information.
- Nissan Added Safeguards While the Investigation Continues: Along with engaging external cybersecurity specialists and coordinating with Oracle and law enforcement, Nissan restricted access to employee pay slips and direct deposit changes to company-managed computers or secure VPN connections. The company also introduced additional identity verification before processing payroll requests and plans to provide credit and dark web monitoring services to affected individuals where available.
- ShinyHunters Continued Targeting Enterprise Platforms: The campaign has been linked to the ShinyHunters extortion group, which claimed responsibility for compromising more than 300 PeopleSoft instances across approximately 100 organizations. The group has previously targeted Snowflake, Salesforce, and other enterprise platforms that centralize large volumes of organizational data.
Nissan confirms employee data exposed in Oracle PeopleSoft cyberattack – SCMedia


