Nissan has confirmed that employee data was compromised as part of a large-scale zero-day campaign targeting Oracle PeopleSoft customers worldwide. The company disclosed the breach in a notification filed with the California Attorney General.
Nissan Americas uses Oracle PeopleSoft to handle employee information including payroll, tax administration, and related records. The carmaker was hit through a zero-day vulnerability tracked as CVE-2026-35273, which affected the PeopleSoft platform used by over 100 organizations globally.

What Data Was Stolen
According to the breach notification, the attackers may have accessed information belonging to current and former Nissan employees in the United States, Canada, Mexico, and Brazil. The exposed data reportedly includes:
- Social Security Numbers (SSNs)
- Banking information
- Financial and tax records
Nissan’s investigation remains ongoing, but the scope is significant given the company’s workforce across four countries in the Americas.
ShinyHunters Behind the Attack
The ShinyHunters extortion group is believed to be responsible for the PeopleSoft campaign. The group allegedly targeted more than 100 organizations through the same zero-day exploit, though only a handful of victims have been publicly confirmed so far.
As of the disclosure, Nissan was not listed on the ShinyHunters’ leak site. Other known victims include the University of Nottingham in the UK, the National Association of Insurance Commissioners (NAIC) in the US, plus Illinois Central College and Moody Bible Institute. The education sector appears to have been hit hardest by this campaign.
Nissan’s History of Security Incidents
This is not the first time Nissan has faced a cybersecurity breach. In April 2026, the Everest ransomware group claimed to have stolen Nissan customer data in a separate incident. The automaker has now dealt with two significant breaches within a matter of months.
The PeopleSoft zero-day is notable because it targeted enterprise resource planning (ERP) software, which sits at the core of HR, finance, and payroll operations for large organizations. ERP breaches expose the most sensitive employee and business data, making them high-value targets for extortion groups.
According to SecurityWeek, only a small fraction of the 100+ targeted organizations have been identified. Law enforcement and cybersecurity researchers are still working to determine the full scope of the attack.
Frequently Asked Questions
What is CVE-2026-35273?
CVE-2026-35273 is a zero-day vulnerability in Oracle PeopleSoft that was exploited in a large-scale attack campaign affecting over 100 organizations. It allows unauthorized access to employee data stored in PeopleSoft systems.
Who is ShinyHunters?
ShinyHunters is an extortion and data breach group known for targeting large organizations, stealing data, and threatening to publish or sell it unless a ransom is paid. They have been linked to multiple high-profile breaches since 2020.
Is my Nissan employee data at risk?
If you are a current or former Nissan employee in the US, Canada, Mexico, or Brazil, your personal and financial data may have been exposed. Nissan should be issuing individual notifications to affected employees.
How does PeopleSoft get hacked?
PeopleSoft is an enterprise resource planning suite from Oracle. Zero-day vulnerabilities in such systems are particularly dangerous because they give attackers access before a patch is available, and many organizations take weeks or months to apply fixes.
What should affected employees do?
Monitor your financial accounts, place fraud alerts on your credit reports with all three bureaus, and watch for official notification from Nissan about specific data that was exposed.
