Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: nissan (1 article)Clear

Nissan employee data stolen through Oracle PeopleSoft zero-day attacks

Nissan has disclosed that current and former employees' data was stolen after attackers exploited a zero-day flaw in Oracle PeopleSoft, the software it uses to manage payroll, tax, and personnel records. In a filing with California's attorney general, Nissan said Oracle informed it that the personnel records of hundreds of companies may have been taken. The attacks, tied to the extortion group ShinyHunters, exploited PeopleSoft vulnerability CVE-2026-35273 as a zero-day between late May and early June, primarily hitting education organizations, before Oracle issued mitigations. ShinyHunters has begun leaking stolen data, with Nissan joining victims that include the University of Nottingham and a US insurance regulator group.

Check
Organizations using Oracle PeopleSoft should confirm the CVE-2026-35273 mitigations are applied and review access logs from late May through early June for signs of the data-theft activity Mandiant documented.
Affected
Nissan's current and former employees whose payroll and personnel records were exposed, and the hundreds of other PeopleSoft-using organizations Oracle says were caught in the same ShinyHunters zero-day campaign (CVE-2026-35273).
Fix
Apply Oracle's PeopleSoft mitigations, rotate exposed credentials, and offer affected employees identity protection. Affected individuals should watch for phishing and fraud using stolen payroll and personnel data, including tax-related identity theft.