Back to Feed
BreachesJun 30, 2026

Nissan Employee Data Breached in Oracle PeopleSoft Hack

Nissan confirms data breach impacting current and former employees due to Oracle PeopleSoft zero-day hack.

Summary

Nissan has disclosed a data breach affecting current and former employees in North and South America, stemming from a zero-day vulnerability in Oracle PeopleSoft. The attackers may have accessed sensitive information including SSNs and banking details. The ShinyHunters group is suspected to be behind this campaign, which has targeted over 100 organizations, with the education sector being particularly impacted.

Full text

Nissan has disclosed a data breach stemming from the recent zero-day campaign targeting Oracle PeopleSoft customers. According to a data breach notification filed with the California Attorney General, Nissan Americas uses Oracle PeopleSoft to manage employee information, including tax administration, payroll, and other records. The carmaker recently learned that it was one of the targets of the campaign, which exploited a zero-day vulnerability tracked as CVE-2026-35273. While Nissan’s investigation is ongoing, the company believes the attackers may have stolen information belonging to current and former employees in the US, Canada, Mexico and Brazil, including SSNs, banking information, and financial and tax data. The ShinyHunters extortion group is believed to be behind the PeopleSoft campaign, but Nissan is not listed on the cybercriminals’ website at the time of writing. Nissan is regularly targeted by threat actors. Most recently, the Everest ransomware group claimed in April to have stolen Nissan customer data. Advertisement. Scroll to continue reading. ShinyHunters allegedly targeted more than 100 organizations in the PeopleSoft campaign, but only a handful of other victims are currently known. The University of Nottingham is widely believed to be a victim of the attack, and the National Association of Insurance Commissioners (NAIC) confirmed last week that it was targeted. On the ShinyHunters website only Illinois Central College and Moody Bible Institute are listed as victims of the PeopleSoft operation. Indeed, the education sector is said to be the most significantly impacted. Related: Nissan Confirms Impact From Red Hat Data Breach Related: More Klue Breach Victims Identified as Hackers Get Hacked Related: Canadian Electricity Provider London Hydro Discloses Data Breach Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AIAmazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories$3 Million Reportedly Stolen in Polymarket HackFirst-Ever Exploitation of PTC Windchill Vulnerability Discovered in the WildCal Water Says No OT Systems Breached in Iranian Handala CyberattackLantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat WarningCisco SD-WAN Zero-Day Exploited Months Before PatchingMicrosoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware Latest News Critical SimpleHelp Vulnerability Exploited for Malware DeliveryQuantifind Raises $200 Million for AI-Native Risk IntelligenceNew Controller Flaws Expose Highway Signs and Billboards to Remote HackingWhatsApp Rolling Out Username Feature to Bolster Phone Number PrivacyResearchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer MachinesStraiker Raises $64 Million for AI Security PlatformInsurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveTracey Mustacchio has joined Everfox as Chief Marketing Officer.Mark Carter has been appointed Chief Information Security Officer at Socure.Spektrum Labs has named Mark Cravotta Chief Operating Officer.More People On The MoveExpert Insights When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

  • cve — CVE-2026-35273

Entities

Oracle PeopleSoft (product)Oracle (vendor)ShinyHunters (threat_actor)Everest ransomware group (threat_actor)Nissan (vendor)