Nissan Americas recently disclosed a significant data breach affecting current and former employees in four countries. The incident, revealed on June 29, 2026, stemmed from threat actors exploiting a critical zero-day vulnerability, identified as CVE-2026-35273, in Oracle's PeopleSoft software, a system used for managing employee information. The financially motivated ShinyHunters extortion group has been linked to these widespread attacks, which targeted hundreds of organizations globally, with Nissan specifically identified as a victim.
Automaker Confirms Extensive Employee Data Exposure
Nissan Americas has confirmed that it suffered a data breach impacting both current and former employees, following a series of cyberattacks that exploited a previously unknown vulnerability in Oracle's PeopleSoft enterprise resource planning (ERP) software. The company disclosed the incident on June 29, 2026, after learning that threat actors had gained unauthorized access to sensitive personnel records.
Oracle PeopleSoft Zero-Day Vulnerability Exploited Globally
The breach at Nissan is part of a broader campaign targeting organizations utilizing Oracle PeopleSoft, a widely adopted ERP suite for human resources and payroll management. Threat actors leveraged a critical zero-day vulnerability, designated as CVE-2026-35273, in PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62. This vulnerability, a Server-Side Request Forgery (SSRF) that could lead to Remote Code Execution (RCE) with a CVSS score of 9.8, was actively exploited between May 27 and June 9, 2026, prior to Oracle releasing mitigations around June 10-11. Cybersecurity firm Mandiant, a Google Cloud company, and Google Threat Intelligence Group (GTIG) confirmed the zero-day exploitation by the ShinyHunters group, also tracked as UNC6240, and notified over 100 global organizations of potential compromise. For more details on Oracle's security measures, refer to Oracle's Security Alerts and Advisories.
Nissan Targeted Amidst Widespread Attacks
While hundreds of companies were affected by the Oracle PeopleSoft data theft attacks, Nissan was specifically targeted in the campaign, according to breach notifications filed with the California Attorney General's Office. Nissan Americas uses Oracle PeopleSoft to manage various employee records, including payroll and tax administration.
"Oracle has informed us that there was a cyber event and that the personnel records of hundreds of companies may have been obtained by so-called threat actors. We have since learned that Nissan was specifically targeted in this attack." — Nissan Americas, Breach Notification Filing
The company believes attackers accessed a range of personal information, potentially including:
- Employee contact and banking information
- Social Security numbers (SSN), Social Insurance Numbers (SIN), and National Identification Numbers (NIN)
- Financial and tax information
- Dependent and beneficiary information
The incident is believed to affect current and former Nissan employees across the United States, Canada, Mexico, and Brazil. In response, Nissan activated its incident response plan, engaged external cybersecurity experts, and secured affected systems. The automaker is also collaborating with Oracle to resolve the issue, has taken steps to prevent further unauthorized access, and is offering free credit and dark web monitoring services to affected individuals where available. As an additional safeguard, Nissan has restricted access to employee pay slips and direct deposit changes, requiring these actions to be performed from corporate networks or secure Virtual Private Network (VPN) connections with extra identity verification.
What This Means
This incident highlights the persistent threat of zero-day exploits, where vulnerabilities are leveraged before vendors can issue patches, leaving organizations exposed. For individuals, the potential compromise of sensitive data like Social Security numbers and banking details carries a high risk of identity theft and financial fraud. Organizations relying on complex ERP systems like PeopleSoft must maintain rigorous security postures, including continuous monitoring and rapid patching, to mitigate such sophisticated attacks. The involvement of a notorious group like ShinyHunters underscores the financially motivated nature of these breaches, often leading to data extortion. Learn more about the nature of these attacks on Wikipedia's page on Zero-Day Attacks.
Key Points
- Nissan Americas disclosed a data breach on June 29, 2026, affecting current and former employees.
- The breach was caused by the exploitation of a critical Oracle PeopleSoft zero-day vulnerability (CVE-2026-35273).
- The ShinyHunters extortion group is linked to the attacks, which impacted hundreds of organizations globally.
- Sensitive data, including Social Security numbers and banking information, for employees in the US, Canada, Mexico, and Brazil may have been accessed.
The Bottom Line
The Nissan data breach serves as a stark reminder of the evolving threat landscape, particularly for large enterprises dependent on extensive software ecosystems. Affected individuals should remain highly vigilant for any suspicious activity related to their personal and financial information. As investigations continue, organizations globally must prioritize robust vulnerability management and incident response strategies to defend against advanced persistent threats from groups like ShinyHunters. Further insights into threat actor activities can often be found on resources like the Mandiant Blog.