Nissan discloses employee data breach via Oracle PeopleSoft zero-day

Nissan has warned current and former employees that their personal data was exposed in a breach after attackers exploited an Oracle PeopleSoft vulnerability previously linked to the ShinyHunters extortion group.

Nissan confirms targeted attack on its Oracle PeopleSoft deployment. The automaker disclosed the incident in notifications filed with the California Attorney General's Office on June 29, 2026. Nissan Americas uses Oracle PeopleSoft to manage employee information including payroll, tax administration, and personnel records. Oracle informed Nissan that threat actors obtained personnel records from hundreds of companies and that Nissan was specifically targeted.

Scope of exposed employee data remains under investigation. Nissan states it is in the early stages of its probe and has not yet determined the full impact. Accessed information may include contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax records, and dependent and beneficiary data. The breach is believed to affect employees in the United States, Canada, Mexico, and Brazil.

Response includes incident containment and support for affected staff. Nissan activated its incident response plan, engaged external cybersecurity experts, and secured affected systems. The company is working with Oracle to address the vulnerability, ended unauthorized access, and is implementing additional identity verification for payroll requests. It will offer free credit and dark web monitoring services where available and send follow-up notifications to confirmed victims detailing their exposed data.

Breach tied to widespread ShinyHunters exploitation of Oracle zero-day. The incident stems from attacks first reported on June 10-11, 2026 that leveraged a zero-day vulnerability in Oracle PeopleSoft. ShinyHunters claimed responsibility, stating over 300 instances across 100 organizations were breached. Oracle later disclosed CVE-2026-35273 and issued emergency mitigations. Mandiant confirmed the flaw was exploited as a zero-day between May 27 and June 9, 2026, primarily hitting education-sector organizations, and notified over 100 victims. ShinyHunters has since begun leaking stolen data from some of those attacks.

ShinyHunters history centers on cloud SaaS data theft. The group is known for targeting Salesforce, Snowflake, third-party integration partners, and other cloud environments. It recently conducted a separate attack on Instructure Canvas that stole 280 million student records. Nissan is now among the confirmed corporate victims in the PeopleSoft campaign.