Nissan warns that menace actors exploited a vulnerability in Oracle PeopleSoft in an information theft assault beforehand linked to the extortion group ShinyHunters, leading to an information breach affecting present and former staff.
In a breach notification filed with the California Lawyer Basic’s Workplace, Oracle mentioned these information theft assaults affected tons of of corporations, and Nissan was particularly focused on this marketing campaign.
“Nissan Americas, Inc. makes use of Oracle PeopleSoft software program to handle worker data, together with payroll, tax administration, and different human assets data,” the violation discover states.
“Oracle knowledgeable us {that a} cyber occasion had occurred and the personnel data of tons of of corporations might have been obtained by so-called menace actors. We subsequently discovered that Nissan was the precise goal of this assault.”
Nissan mentioned it’s nonetheless within the early levels of its investigation and the complete influence of the breach has not but been decided, but it surely believes the attackers accessed private data that will embody worker contact data, banking data, social safety numbers, social insurance coverage numbers, nationwide identification numbers, monetary and tax data, and dependent and beneficiary data.
The case is believed to have an effect on present and former Nissan staff in the USA, Canada, Mexico and Brazil.
Nissan mentioned that after studying that the info breach had occurred, it initiated an incident response, employed exterior cybersecurity consultants to safe the affected techniques, and is working with Oracle to deal with the problem.
The corporate additionally mentioned it has taken steps to thwart unauthorized entry and forestall additional disclosure of worker data, and can present free credit score and darkish internet monitoring providers to affected people when obtainable.
As a further precaution, Nissan mentioned it’s introducing further id verification measures earlier than processing payroll requests, whereas limiting entry to staff’ pay stubs and direct deposit modifications to firm community computer systems and safe VPN connections.
The automaker mentioned staff whose data was in the end decided to have been compromised will obtain further notifications detailing what information was affected.
Associated to ShinyHunters PeopleSoft zero-day assault
The disclosure is believed to be the results of widespread exploitation of Oracle PeopleSoft servers, which was first reported by BleepingComputer earlier this month.
As initially reported, attackers exploited a zero-day vulnerability in Oracle PeopleSoft to compromise situations and steal information.
The ShinyHunters extortion group claimed accountability for the assault and informed BleepingComputer that greater than 300 PeopleSoft situations throughout 100 organizations have been compromised.
Shortly after, Oracle disclosed a crucial vulnerability in Oracle PeopleSoft PeopleTools tracked as CVE-2026-35273 and launched an emergency mitigation.
Though Oracle has not but publicly confirmed that this flaw was exploited, Mandiant has since acknowledged that attackers exploited the Oracle PeopleSoft CVE-2026-35273 vulnerability as a zero-day exploit in information theft assaults between Could 27 and June 9.
These assaults primarily affected organizations within the training sector, and Mandiant mentioned it had notified greater than 100 organizations and confirmed data beforehand shared by Shiny Hunters.
Since then, ShinyHunters has begun leaking information stolen from these assaults at information breach websites such because the College of Nottingham and the Nationwide Affiliation of Insurance coverage Commissioners (NAIC).
The menace actor is a well known extortion group that generally targets Salesforce, Snowflake, third-party integration companions, and different cloud SaaS environments for information theft.
ShinyHunters lately focused the training sector with one other cyberattack in opposition to Educational Canvas, stealing 280 million information data from college students, lecturers, and employees. The infrastructure then paid a ransom to stop the info from being leaked.

Safety groups doc 54% of profitable assaults and challenge a warning on solely 14%. The remaining strikes invisibly via the setting.
Picus’ whitepaper exhibits methods to check your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
