Nissan the latest victim in Oracle’s PeopleSoft attack: sensitive data stolen

Published: 30 June 2026
nissan

Nissan North America has begun notifying employees after a cyberattack targeted Oracle's PeopleSoft software. Reportedly, attackers exfiltrated sensitive information belonging to Nissan’s current and former workers across multiple countries.

Key takeaways:
  • Nissan is notifying current and former employees after attackers exploited an Oracle PeopleSoft vulnerability, potentially exposing sensitive HR and payroll data.
  • Attack on Nissan is part of a broader campaign affecting hundreds of organizations, with experts attributing it to ShinyHunters.
  • The potentially compromised information includes contact details, bank account information, Social Security or national ID numbers, tax records, and dependent and beneficiary data for employees in the U.S., Canada, Mexico, and Brazil.
  • Nissan has tightened payroll security by requiring additional identity verification and restricting payroll access to company networks or secure VPNs.
  • Nissan offered affected individuals credit or dark web monitoring services where available.

The Japanese automaker recently disclosed the cyber incident in a filing with the California Department of Justice.

ADVERTISEMENT

According to a security notice sent to employees, Nissan was specifically targeted as part of a broader cyber campaign affecting organizations that use Oracle PeopleSoft, the software used to manage payroll, tax administration, and HR records.

The company states that Oracle’s PeopleSoft was affected by "an unknown vulnerability." According to Nissan, the attack is impacting "hundreds of companies and institutions" that rely on the HR and payroll software.

“Oracle has informed us that there was a cyber event and that the personnel records of hundreds of companies may have been obtained by so-called threat actors,” Nissan stated.“We have since learned that Nissan was specifically targeted in this attack,” the company added.

Reportedly, Nissan's American division systems were breached between May 27th and June 9th, 2026. Currently, the company says it is continuing to investigate the full scope of the incident with Oracle, external cybersecurity experts, and law enforcement.

letter nissan
Source: the California Department of Justice.

The Japanese automaker recently disclosed the cyber incident in a filing with the California Department of Justice.

Nissan employee records may have been accessed

Although the investigation remains ongoing, Nissan has informed employees that attackers may have accessed a broad range of sensitive employee information, including:

ADVERTISEMENT
  • Contact information
  • Banking information
  • Social Security numbers (or equivalent national identification numbers)
  • Financial and tax records
  • Dependent and beneficiary information

The company said the incident affects both current and former employees in the United States, Canada, Mexico, and Brazil.

Nissan restricts payroll access

As part of its response, Nissan says it activated its incident response procedures immediately after learning of the attack.

As part of the security measures, Nissan introduced additional identity verification requirements for payroll requests.

Employees can now only access payroll information or modify direct deposit details from a company network or through a secure VPN connection.

Nissan also said it plans to offer affected individuals complimentary credit monitoring or dark web monitoring services where available.

Nissan’s employees warned about phishing risks

Because the exposed information includes financial and identity data, Nissan is warning employees to remain vigilant for follow-on attacks.

The company is advising workers to:

ADVERTISEMENT
  • Watch out for suspicious emails, phone calls, and text messages
  • Avoid clicking on unfamiliar links or attachments
  • Change passwords, particularly if reused across multiple accounts
  • Enable multi-factor authentication
  • Monitor bank accounts and credit reports for suspicious activity
  • Never disclose personal information in response to unsolicited communications

ShinyHunters behind attacks on Oracle’s PeopleSoft

In mid-June, Alphabet's cybersecurity unit, Mandiant, and Google Threat Intelligence Group identified an active compromise and extortion campaign targeting Oracle's PeopleSoft enterprise software, which they attributed to the hacking group ShinyHunters.

The campaign took place between May 27th and June 9th, Google said in a blog. The campaign affected more than 100 organizations.

Unlock more exclusive Cybernews content on YouTube:

Share
Post
Share
Share
Share
More from Cybernews
Apple’s AirDrop and Android’s Quick Share vulnerable: nearby hackers initiate connection, crash devices, or worse
Another Claude Code attack allows full takeover of developers’ systems
GitHub overwhelmed as flood of vulnerability reports slows security fixes
Portugal launches its own open-source AI model, “Amália”
WhatsApp says it's time to reserve your username: here’s how
UK regulator plans to let Apple and Google users choose cheaper payment options in app stores
ADVERTISEMENT