**Nissan** is currently investigating a data breach that has compromised the personal information of its employees. The breach notification filed with the California Attorney General's Office indicates that the attack exploited a vulnerability in **Oracle PeopleSoft** software, a system **Nissan Americas** uses for managing employee information, including payroll and tax administration. **Oracle** has confirmed that these data theft attacks impacted hundreds of companies, with **Nissan** specifically targeted in the campaign. ### Scope of the Breach While the full extent of the breach is still under investigation, **Nissan** believes attackers accessed sensitive personal information. This may include employee contact details, banking information, Social Security Numbers (SSN), Social Insurance Numbers (SIN), National Identification Numbers, financial and tax records, and dependent and beneficiary information. The incident is believed to affect current and former **Nissan** employees in the United States, Canada, Mexico, and Brazil. ### Nissan's Response Upon discovering the breach, **Nissan** activated its incident response protocols. The company has engaged external cybersecurity experts, secured affected systems, and is collaborating with **Oracle** to address the underlying issues. To prevent further unauthorized access and data disclosure, **Nissan** has taken steps to end malicious activity. The automaker will also offer free credit and dark web monitoring services to affected individuals where available. As an interim security measure, **Nissan** is restricting access to employee pay slips and direct deposit changes to company network computers or secured VPN connections. This is being done while additional identity verification measures are implemented for payroll requests. Employees whose data is confirmed to have been exposed will receive further notifications detailing the specific information compromised. ### Link to ShinyHunters and PeopleSoft Zero-Day This disclosure is strongly linked to the widespread exploitation of **Oracle PeopleSoft** servers that came to light earlier this month. Threat actors leveraged a zero-day vulnerability in **Oracle PeopleSoft** to breach instances and exfiltrate data. The **ShinyHunters** extortion group claimed responsibility for these attacks, asserting that they had breached over 300 **PeopleSoft** instances across 100 organizations. Subsequently, **Oracle** disclosed a critical vulnerability in **Oracle PeopleSoft PeopleTools**, tracked as **CVE-2026-35273**, and released emergency mitigations. While **Oracle** has not publicly confirmed the exploit, **Mandiant** later validated that threat actors exploited **CVE-2026-35273** as a zero-day between May 27 and June 9. These attacks predominantly targeted organizations in the education sector, with **Mandiant** notifying over 100 affected entities. **ShinyHunters** has since begun leaking data stolen in these attacks on its data leak site, impacting institutions like **Nottingham University** and the **National Association of Insurance Commissioners (NAIC)**. **ShinyHunters** is a well-known extortion group that frequently targets cloud SaaS environments and third-party integration partners, including **Salesforce** and **Snowflake**, for data theft. The group recently targeted the education sector in a separate cyberattack on **Instructure Canvas**, where they claimed to have stolen 280 million data records from students, teachers, and staff. **Instructure** later reportedly paid a ransom to prevent the data from being leaked.