Nissan Americas has notified current and former employees of a data breach stemming from the exploitation of a zero-day vulnerability in Oracle PeopleSoft, an incident linked to the ShinyHunters extortion group’s broader campaign against PeopleSoft instances worldwide.
What Was Exposed
In breach notifications filed with the California Attorney General’s Office, Nissan confirmed that attackers may have accessed a wide range of sensitive personnel records managed through its Oracle PeopleSoft deployment. The potentially exposed data includes:
- Employee contact information
- Banking and direct deposit details
- Social Security and Social Insurance Numbers
- National Identification Numbers
- Financial and tax information
- Dependent and beneficiary information
The breach is believed to affect current and former Nissan employees across the United States, Canada, Mexico, and Brazil. Nissan says the investigation remains in early stages and the full scope of affected individuals has not yet been determined.
The Broader Oracle PeopleSoft Campaign
The incident traces back to the exploitation of CVE-2026-35273, a critical vulnerability in Oracle PeopleSoft PeopleTools. Oracle issued emergency mitigations after the flaw came to light. Mandiant subsequently confirmed that threat actors exploited the vulnerability as a zero-day in data theft operations carried out between May 27 and June 9, notifying more than 100 affected organizations.
ShinyHunters claimed responsibility for the attacks, telling researchers that over 300 PeopleSoft instances across roughly 100 organizations had been compromised. The group has since begun publishing stolen data on its leak site, with confirmed victims including Nottingham University and the National Association of Insurance Commissioners.
ShinyHunters is an established extortion operation known for targeting cloud and SaaS environments, including Salesforce, Snowflake, and third-party integration partners. The group also recently conducted a separate attack on Instructure Canvas, exfiltrating approximately 280 million records from students, teachers, and staff.
Nissan’s Response
Following notification from Oracle, Nissan activated its incident response plan, engaged external cybersecurity specialists, and worked to terminate unauthorized access. As a precautionary measure, the company has restricted access to employee pay slips and direct deposit changes to corporate network computers or secured VPN connections, pending implementation of stronger identity verification controls for payroll requests.
Affected employees will be offered free credit monitoring and dark web monitoring services where available. Nissan says individuals whose data is confirmed as compromised will receive follow-up notifications specifying what information was involved.