Nissan has disclosed a data breach affecting current and former employees after attackers exploited a critical Oracle PeopleSoft vulnerability during a broader data theft campaign linked to the ShinyHunters extortion group.
According to breach notifications, Nissan Americas used Oracle PeopleSoft to manage employee information, including payroll, tax administration, and other human resources functions. Oracle informed the automaker that threat actors had compromised PeopleSoft environments belonging to hundreds of organizations and that Nissan was among the companies specifically targeted.
The company said its investigation is ongoing, but believes attackers may have accessed a wide range of sensitive employee information. Potentially exposed data includes names, contact details, banking information, Social Security numbers, Social Insurance Numbers, national identification numbers, tax records, financial information, and dependent or beneficiary details.
The breach is believed to affect current and former employees in the United States, Canada, Mexico, and Brazil. Nissan said it activated its incident response procedures after learning of the compromise, engaged external cybersecurity experts, secured affected systems, and is continuing to work with Oracle as the investigation progresses.
The incident is part of a larger campaign exploiting a critical Oracle PeopleSoft PeopleTools vulnerability, tracked as CVE-2026-35273. Security researchers and Oracle warned that the flaw allowed unauthenticated remote code execution and was exploited as a zero-day before mitigations became available.
Earlier this month, the ShinyHunters extortion group claimed it had compromised more than 300 Oracle PeopleSoft instances across over 100 organizations by exploiting the vulnerability. While those claims have not been independently verified in full, multiple organizations have since confirmed breaches tied to the campaign, including Nissan.
Unlike traditional ransomware attacks that immediately encrypt systems, this campaign primarily focused on stealing sensitive data for extortion. Organizations whose HR and payroll systems relied on vulnerable PeopleSoft servers became attractive targets because they contained large volumes of employee records and financial information.