🛡️ BREAKING ALERT: Nissan Employee Data Breach — Oracle PeopleSoft Zero-Day Exploitation Confirmed
Published Monday, June 29, 2026 at 07:12 PM PT BLUF: Nissan has disclosed a data breach affecting employee personal information, linked to zero-day attacks targeting Oracle PeopleSoft infrastructure. Current and former Nissan employees should assume their data may be compromised. Organizations running Oracle PeopleSoft should treat this as an active threat indicator. DETAILS Nissan confirmed attackers exploited a zero-day vulnerability in Oracle systems to gain unauthorized access to employee data, per reporting from BleepingComputer and The Register. Compromised data reportedly includes payroll records and Social Security Numbers (SSNs) — categories that carry high identity theft and financial fraud risk. The attack vector is Oracle PeopleSoft, an enterprise HR and payroll platform widely deployed across large organizations globally. This incident appears consistent with a broader pattern of PeopleSoft exploitation: the threat actor group ShinyHunters was separately linked to a PeopleSoft breach affecting the NAIC; the connection to this Nissan incident is not yet confirmed. The full scope of affected employees — current vs. former, domestic vs. international — has not been publicly confirmed at time of publication. IMPACT Directly affected: Nissan employees whose HR and payroll records were stored in the compromised Oracle PeopleSoft environment. Broader risk: Any enterprise operating Oracle PeopleSoft is potentially exposed if the underlying zero-day has not been patched. Oracle’s patch status for this specific vulnerability is not confirmed in available reporting. Sector concern: This breach follows recent exploitation of Oracle E-Business Suite vulnerabilities, suggesting sustained, targeted threat activity against Oracle enterprise products. RECOMMENDED ACTIONS Nissan employees: Monitor financial accounts and credit reports immediately. Consider placing a credit freeze with major bureaus (Equifax, Experian, TransUnion). Oracle PeopleSoft administrators: Apply all available Oracle Critical Patch Updates immediately. Audit access logs for anomalous activity, particularly around HR and payroll modules. Security teams: Treat Oracle PeopleSoft as an active high-priority attack surface. Review network segmentation and privileged access controls for PeopleSoft environments. Incident response: Organizations that share HR data pipelines with Nissan should assess potential downstream exposure. UNCERTAINTY FLAGS Exact employee count affected: UNCONFIRMED Whether Oracle has issued a patch for the specific zero-day: UNCONFIRMED Threat actor attribution: UNCONFIRMED SOURCES BleepingComputer — Nissan discloses employee data breach linked to Oracle zero-day attacks The Register Security — Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs BleepingComputer — NAIC says public data stolen in ShinyHunters’ PeopleSoft breach (contextual) BleepingComputer — Hackers now exploit critical Oracle E-Business flaw in attacks (contextual)