Blog Details

Nissan is warning that it suffered an records breach affecting most contemporary and feeble staff after risk actors exploited an Oracle PeopleSoft vulnerability in records theft attacks previously linked to the ShinyHunters extortion group.

In breach notifications filed with the California Felony unswerving Overall’s Place of job, Oracle says these records theft attacks impacted a whole bunch of firms and that Nissan change into namely focused in the campaign.

“Nissan Americas uses Oracle PeopleSoft software to manage employee information, including payroll, tax administration, and other personnel records,” reads the breach notifications.

“Oracle has informed us that there was a cyber event and that the personnel records of hundreds of companies may have been obtained by so-called threat actors. We have since learned that Nissan was specifically targeted in this attack.”

Nissan says it’s accumulated in the early phases of the investigation and has no longer yet sure the elephantine affect of the breach, however believes attackers accessed personal records that could just consist of employee contact records, banking records, Social Security numbers, Social Insurance protection Numbers, National Identification Numbers, monetary and tax records, and dependent and beneficiary records.

The incident is believed to affect most contemporary and feeble Nissan staff in the United States, Canada, Mexico, and Brazil.

Nissan says it activated its incident response after studying it had suffered an records breach, engaged exterior cybersecurity experts, secured affected programs, and is working with Oracle to contend with the peril.

The corporate says it also took steps to whole unauthorized access and prevent additional disclosure of employee records and can offer free credit rating and shadowy internet monitoring companies and products to affected other folk where available.

As a additional precaution, Nissan says it’s restricting access to employee pay slips and insist deposit changes to company network computers or secured VPN connections while it implements additional identity verification measures sooner than processing payroll requests.

The automaker says that staff whose records is indirectly sure to were uncovered will receive additional notifications detailing what records change into impacted.

Online fraud Linked to ShinyHunters PeopleSoft zero-day attacks

The disclosure is believed to stem from the frequent exploitation of Oracle PeopleSoft servers first reported by BleepingComputer earlier this month.

As first reported, risk actors exploited a 0-day vulnerability in Oracle PeopleSoft to breach cases and grasp records.

The ShinyHunters extortion gang claimed accountability for the attacks, telling BleepingComputer that over 300 PeopleSoft cases all through 100 organizations had been breached.

Soon after, Oracle disclosed a serious vulnerability in Oracle PeopleSoft PeopleTools, tracked as CVE-2026-35273, and released emergency mitigations.

While Oracle has accumulated no longer publicly confirmed that the flaw change into exploited, Mandiant later confirmed that risk actors exploited the Oracle PeopleSoft CVE-2026-35273 vulnerability as a 0-day in records theft attacks between May perchance perchance just 27 and June 9.

These attacks primarily impacted organizations in the education sector, and Mandiant acknowledged it notified over 100 organizations, confirming the records previously shared by ShinyHunters.

Since then, ShinyHunters has begun leaking records stolen in these attacks on its records leak assert, together with for the Nottingham University and the National Affiliation of Insurance protection Commissioners (NAIC) .

The risk actors are a effectively-identified extortion group that commonly targets Salesforce, Snowflake, third-celebration integration companions, and loads of cloud SaaS environments for records theft.

ShinyHunters currently focused the education sector in a separate cyberattack on Instructure Canvas, stealing 280 million records records from students, lecturers, and workers.  Instructure later paid a ransom to forestall the records from being leaked.