Nissan has recently revealed a significant data breach affecting both current and former employees. This breach entails the potential theft of sensitive personal information, including Social Security numbers, banking details, and tax records. The vulnerability was exploited by attackers who took advantage of a zero-day flaw found in Oracle’s PeopleSoft software, which is used by many organizations for payroll and human resources management.
In a breach notification released on June 26, Nissan disclosed that Oracle had alerted them regarding a cyber event that impacted hundreds of companies, noting that Nissan was specifically targeted in this incident. The car manufacturer stated that the breach likely impacted current and former employees across several countries, including the United States, Canada, Mexico, and Brazil. Alongside Social Security numbers, the compromised data may include national identification numbers and information related to dependents or beneficiaries.
### Caught in a Mass PeopleSoft Campaign
Nissan described the vulnerability that allowed this breach as an unknown weakness within Oracle PeopleSoft. This particular flaw, designated as CVE-2026-35273, has been categorized as a critical remote code execution bug exploited as a zero-day vulnerability, meaning that it was compromised before a patch was available to fix it. The broader cyber campaign associated with this breach has been linked to the ShinyHunters extortion group, notorious for targeting over 100 organizations—predominantly universities.
Oracle only issued an advisory and mitigations for this vulnerability after the attacks began. According to documents filed by Nissan, the breach occurred during a window between May 27 and June 9, a period in which several organizations were affected. While many of the institutions targeted were educational in nature, Nissan’s involvement positions it as one of the major corporate entities caught in this extensive cyber scheme.
### Sensitive Data and a Payroll Lockdown
The data compromised in this incident goes beyond just Social Security and national identification numbers. Nissan specified that the breached information could also include critical contact and banking details, comprehensive financial and tax data, as well as records pertaining to dependents or beneficiaries. In response to this serious data compromise, Nissan has positioned itself to secure its systems. The company announced its cooperation with Oracle to assess the situation further and has committed to offering affected personnel complimentary credit monitoring and services to check the dark web for potential misuse of their data.
As a precautionary measure against future breaches, Nissan has implemented restrictions on payroll access, mandating that employees must use a network computer or a secure VPN to access pay slips or modify direct deposit information. Additionally, the company has introduced extra identity verification measures before processing any payroll requests. This reinforces Nissan’s commitment to safeguarding its employees’ sensitive information. They have advised employees to remain vigilant, particularly in guarding against phishing attacks, and encouraged them to change passwords that may have been reused across accounts while also enabling multi-factor authentication (MFA) wherever possible.
Simon Pamplin, Chief Technology Officer at the data security firm Certes, characterized this incident as “a mass-casualty event across hundreds of unrelated organizations.” He emphasized that merely patching the vulnerability does not rectify the risk posed by data that may have already been acquired during the period of exploitation.
Nissan has indicated that its investigation into the breach is ongoing, emphasizing that all individuals whose data may have been compromised will be contacted directly to inform them of the situation and the resulting actions. The emphasis on communication reflects the company’s commitment to transparency in this difficult scenario.
In light of this breach, Nissan is not only focusing on immediate remedies but is also likely to undertake a comprehensive review of its cybersecurity protocols to prevent similar incidents in the future. This event underscores the growing threat posed by sophisticated cybercriminals and the necessity for organizations to be proactive and vigilant in protecting sensitive information.