Search This Blog

Popular Posts

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Nissan Confirms Employee Data Breach Following Oracle PeopleSoft Zero-Day Cyberattack

Nissan Confirms Employee Data Breach Following Oracle PeopleSoft Zero-Day Cyberattack affecting employee records across North America.

 

Nissan has confirmed that it fell victim to a third-party cyberattack after being targeted as an Oracle PeopleSoft user, making it the latest company to suffer an attack due to a yet-revealed vulnerability. The breach is currently under investigation, with Nissan reporting that the attackers could have accessed the personal data of thousands of employees worldwide. 

Based on the breach notification sent to the California Department of Consumer Affairs, Nissan Americas uses Oracle PeopleSoft to perform essential employee management functions, including payroll, taxes, and record-keeping. The attack relied on a zero-day flaw, CVE-2026-35273, which was patched later, with the vulnerability already being actively exploited. There breached data is reported to affect current and former employees in the United States, Canada, Mexico, and Brazil. 

Notably, the data includes social security, banking, financial, and tax information. Nissan is currently investigating the scope of the damage, with the company yet to conclude its research. Researchers report that ShinyHunters extortion gang is behind the identified Oracle PeopleSoft-related attacks, with over 100 companies already reportedly identified as victims of the zero-day flaw. 

Although Nissan was not found on the ShinyHunters data leak site, reports suggest that the cybercriminals might still use the data for extortion. It remains unclear whether the breached data would be published or utilized in ransomware attacks by the threat actors. The vulnerability affecting Oracle PeopleSoft, which has been reported to affect thousands of enterprise users worldwide, continues to raise concerns. 

Since the affected software is designed for critical data, including employee management, the security flaw may have severe implications. Besides Nissan, several companies have been reported to fall victim to the vulnerability, with Everest Ransomware Group recently claiming to have stolen customer data from the car manufacturer. Cybercriminals seem to target major manufacturers, including those based in the United States and threatening to expose the data for extortion. 

Although only a handful of companies have officially confirmed to be victims of the Oracle PeopleSoft cyberattack, others are likely to suffer due to the scale of the problem. National Association of Insurance Commissioners recently confirmed being a victim of the attack, with the University of Nottingham also reportedly being among the affected institutions. 

The most significant damage, however, seems to be related to the education sector, with Illinois Central College and Moody Bible Institute being the only two confirmed victims at the time of the publication. According to cybersecurity analysts, the sector has suffered the largest fallout from the PeopleSoft attack, with several universities reportedly being targeted by the ShinyHunters extortion gang. 

Another PeopleSoft cyberattack serves as a reminder of the constant security challenges facing enterprise users relying on the application to protect sensitive employee data. With investigations into the breach underway, more companies may be identified as victims of the attack in the coming weeks.
Share it:
Next
This is the most recent post.
Previous
Older Post

Cyberattacks

Data Breach

Data Leak

data security

Digital Personal Data Protection

Employee Data

employee data exposed