Nissan employee data stolen through Oracle PeopleSoft zero-day attacks
Nissan has disclosed that current and former employees' data was stolen after attackers exploited a zero-day flaw in Oracle PeopleSoft, the software it uses to manage payroll, tax, and personnel records. In a filing with California's attorney general, Nissan said Oracle informed it that the personnel records of hundreds of companies may have been taken. The attacks, tied to the extortion group ShinyHunters, exploited PeopleSoft vulnerability CVE-2026-35273 as a zero-day between late May and early June, primarily hitting education organizations, before Oracle issued mitigations. ShinyHunters has begun leaking stolen data, with Nissan joining victims that include the University of Nottingham and a US insurance regulator group.
- Check: Organizations using Oracle PeopleSoft should confirm the CVE-2026-35273 mitigations are applied and review access logs from late May through early June for signs of the data-theft activity Mandiant documented.
- Affected: Nissan's current and former employees whose payroll and personnel records were exposed, and the hundreds of other PeopleSoft-using organizations Oracle says were caught in the same ShinyHunters zero-day campaign (CVE-2026-35273).
- Fix: Apply Oracle's PeopleSoft mitigations, rotate exposed credentials, and offer affected employees identity protection. Affected individuals should watch for phishing and fraud using stolen payroll and personnel data, including tax-related identity theft.