Nissan has disclosed a data breach affecting current and former employees after threat actors exploited a zero-day vulnerability in Oracle PeopleSoft.
According to the company, the incident is part of a broader cyber campaign that targeted hundreds of organizations and has previously been linked to the ShinyHunters extortion group.
Nissan said Oracle informed the company that attackers may have accessed employee records managed through its Oracle PeopleSoft platform, which supports payroll, tax administration and other personnel functions. The company added that it was specifically targeted during the attack campaign.
The investigation is still ongoing, but Nissan believes the compromised information may include employee contact details, banking information, Social Security Numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, as well as dependent and beneficiary details. The incident is believed to affect current and former employees in the United States, Canada, Mexico and Brazil.
Following the breach, Nissan activated its incident response process, engaged external cybersecurity experts, secured affected systems and is working with Oracle to address the issue. The company has also taken steps to block unauthorized access, prevent further exposure of employee information and will provide free credit monitoring and dark web monitoring services to affected individuals where available.
As an additional security measure, Nissan has temporarily restricted access to employee pay slips and direct deposit changes to company network computers or secure VPN connections. Additional identity verification measures have also been introduced before processing payroll-related requests. Employees whose information is confirmed to have been exposed will receive further notifications outlining the affected data.
The breach is linked to the widespread exploitation of Oracle PeopleSoft PeopleTools vulnerability CVE-2026-35273, which was later disclosed by Oracle along with emergency mitigations. Security researchers said the flaw was exploited as a zero-day between May 27 and June 9, impacting more than 100 organizations. The ShinyHunters group claimed responsibility for breaching over 300 PeopleSoft instances and has since leaked data from several affected organizations.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.


