Industry - Data Breach
Executive Summary
Nissan disclosed a data breach affecting current and former employees in the United States, Canada, Mexico, and Brazil after attackers exploited a zero-day vulnerability in Oracle PeopleSoft software. The breach, linked to the ShinyHunters extortion group, potentially exposed sensitive personal information including Social Security numbers, banking details, tax records, and dependent information. Nissan is offering affected employees free credit monitoring and has restricted access to payroll...
What Happened
On June 29, 2026, Nissan disclosed a data breach affecting current and former employees after threat actors exploited a zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft software used to manage employee records. The attack, attributed to the ShinyHunters extortion group, was part of a broader campaign that Oracle reported impacted hundreds of companies. Nissan stated it was specifically targeted in this attack and has engaged external cybersecurity experts while working with Oracle to secure affected systems and investigate the full scope of the breach.
Who Is Affected
Current and former Nissan employees in the United States, Canada, Mexico, and Brazil are believed to be impacted by this breach. The potentially exposed information includes employee contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax records, and information about dependents and beneficiaries. Nissan is still investigating the full extent of the breach and has not yet determined exactly which employees had their specific data accessed.
Why It Matters
This breach demonstrates the cascading privacy risks that emerge when widely-used enterprise software contains security vulnerabilities, as a single flaw in Oracle PeopleSoft enabled attacks across hundreds of organizations. The sensitive nature of the exposed data - including Social Security numbers, banking details, and tax records - creates significant identity theft and financial fraud risks for affected employees. The involvement of ShinyHunters, a known extortion group that claimed to have breached over 300 PeopleSoft instances across 100 organizations, suggests this data may be sold or used for further criminal activity.
What You Should Do
Affected Nissan employees should enroll in the free credit and dark web monitoring services being offered by the company where available. Monitor bank accounts, credit reports, and tax filings closely for any unauthorized activity or signs of identity theft. When accessing payroll information or making direct deposit changes, use only company network computers or secured VPN connections as Nissan has restricted other access methods. Watch for additional notifications from Nissan that will specify exactly what personal information was compromised in your case.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
Related Events
- Industry - Data BreachJun 10, 2026
The ShinyHunters extortion gang is exploiting vulnerabilities in Oracle PeopleSo...
- Industry - Data BreachJun 15, 2026
The ShinyHunters hacking group breached Infinite Campus's Salesforce system in M...
- Industry - Data BreachJun 7, 2026
HVAC/R wholesale distributor Baker Distributing Company suffered a data breach i...