Nissan Employee Data Breach: What The Oracle PeopleSoft Zero-Day Exposed

Nissan is warning current and former employees that personal information may have been exposed after attackers targeted Oracle PeopleSoft, the enterprise software Nissan Americas uses for employee records, payroll, tax administration, and related personnel data. The important point for customers and small businesses is not only that Nissan was affected. It is that a widely used back-office system became the entry point for a broader data-theft campaign, which is exactly why payroll, HR, accounting, and vendor portals deserve the same urgency as email and endpoint security.

Quick Read: What Happened

• Nissan Americas disclosed an employee-data breach tied to Oracle PeopleSoft. The company says PeopleSoft manages employee records, payroll, and other personal data for Nissan Americas.
• The incident may affect current and former employees in the United States, Canada, Mexico, and Brazil. Nissan says it is still investigating the full nature and scope.
• The data at risk is sensitive. Nissan’s notice says potentially involved information may include contact details, banking information, Social Security numbers or equivalent national identifiers, financial and tax information, and dependent or beneficiary information.
• The broader campaign is linked by security researchers to CVE-2026-35273. Oracle describes this PeopleSoft PeopleTools vulnerability as remotely exploitable without authentication and capable of remote code execution.
• Oracle released an emergency security alert on June 10, 2026. CISA later added the vulnerability to its Known Exploited Vulnerabilities catalog, making it a confirmed active-exploitation priority for federal agencies.
• For small businesses, the lesson is practical: HR, payroll, finance, dealership, vendor, and ERP systems can hold the most useful identity-theft data in the company. Patch them, restrict exposure, review logs, and lock down payroll-change workflows.

What Nissan Says Was Accessed

The clearest source is Nissan’s breach notification filed with the California Attorney General. In the notice, Nissan says Oracle’s PeopleSoft program, which manages employee records, payroll, and other personal data, experienced a cyber incident in which data was unlawfully accessed on Nissan’s systems. Nissan says the attack involved an unknown vulnerability in Oracle PeopleSoft and is affecting hundreds of companies and institutions.

Nissan’s notice says the investigation is still early, but the potentially involved information may include:

• employee contact information,
• banking information,
• Social Security numbers, Social Insurance Numbers, or other national identification numbers,
• financial and tax information,
• dependent and beneficiary information.

That combination matters because it can support more than one kind of fraud. Contact details help attackers personalize phishing. Payroll and banking details can support direct-deposit fraud. National identifiers and tax data can support identity theft, fake account creation, tax-refund fraud, benefits fraud, or social-engineering calls that sound much more convincing than generic spam.

Nissan also says it activated incident-response procedures, engaged internal teams and external experts, worked with Oracle, secured affected systems, notified law enforcement, and will offer credit monitoring or dark-web monitoring where available. Separate reporting from The Register and BleepingComputer says the impacted population is believed to include current and former employees in the U.S., Canada, Mexico, and Brazil, while Nissan continues to determine exactly whose information was exposed.

Why The Oracle PeopleSoft Zero-Day Matters

PeopleSoft is not a consumer app. It is enterprise software used by large organizations for HR, payroll, finance, procurement, student administration, and other back-office operations. That makes it attractive to data-theft groups because one vulnerable enterprise application can lead to a concentrated store of employee, student, customer, payroll, tax, or vendor data.

The vulnerability tied to the broader campaign is CVE-2026-35273, affecting Oracle PeopleSoft Enterprise PeopleTools. Oracle’s advisory says the issue is remotely exploitable without authentication and may result in remote code execution. NVD lists affected supported PeopleTools versions as 8.61 and 8.62 and describes successful exploitation as a possible takeover of PeopleSoft Enterprise PeopleTools, with a CVSS 3.1 base score of 9.8.

Google’s Mandiant and Google Threat Intelligence Group reported an active compromise and extortion campaign attributed to UNC6240, also known as ShinyHunters, targeting Oracle PeopleSoft application infrastructure. They observed activity between May 27, 2026, and June 9, 2026, consistent with exploitation of CVE-2026-35273. Because that activity happened before Oracle’s June 10 advisory, security researchers describe the campaign as zero-day exploitation.

That does not mean every PeopleSoft customer was breached, and it does not mean every breach notice has the same exposed fields. It does mean any organization running affected PeopleSoft infrastructure should treat this as an incident-response problem, not just a routine patch ticket.

Timeline: May 27 Through June 30

• May 27 to June 9, 2026: Google/Mandiant observed activity consistent with exploitation of the PeopleSoft vulnerability in a campaign attributed to UNC6240/ShinyHunters.
• June 10, 2026: Oracle released an out-of-band security alert for CVE-2026-35273.
• June 12, 2026: CISA added CVE-2026-35273 to the Known Exploited Vulnerabilities catalog, setting a June 15 federal remediation due date.
• June 25, 2026: Nissan’s former-employee breach communication was filed with the California Attorney General.
• June 29 to June 30, 2026: major security outlets reported the Nissan disclosure and connected it to the broader Oracle PeopleSoft zero-day campaign.

What Affected Employees Should Do Now

If you are a current or former Nissan employee and receive a notice, read it closely and use the monitoring offer if it applies to you. Because the exposed categories may include payroll, banking, tax, and dependent information, this deserves more attention than a basic email-address leak.

• Freeze your credit with Equifax, Experian, and TransUnion if your Social Security number or national identifier may be involved. A freeze is stronger than simply watching alerts.
• Place a fraud alert if you are not ready to freeze credit. It is not as strong, but it adds a warning step for new-credit attempts.
• Watch bank and payroll activity. Look for direct-deposit changes, new pay-card requests, unfamiliar account-routing changes, or unexpected payroll emails.
• Be suspicious of HR-themed phishing. Attackers may reference benefits, tax forms, payroll changes, direct deposit, severance, insurance, or employee portals.
• Use strong MFA on email, bank, payroll, tax, and benefits accounts. If an account supports authenticator apps or hardware security keys, prefer those over SMS when practical.
• Keep tax records organized. If tax information was exposed, file early when possible and watch for IRS or state tax notices about duplicate filings or account changes.
• Save the breach notice. Keep a copy of the letter, monitoring offer, enrollment deadline, and any support phone number from Nissan’s official notice.

What Businesses Should Check Even If They Do Not Use PeopleSoft

Most small businesses in Port Saint Lucie, Jensen Beach, Fort Pierce, and Vero Beach are not running Oracle PeopleSoft directly. The useful lesson is broader: the systems that manage employees, money, vendors, benefits, and taxes are high-value targets, even when they are hosted by a vendor or buried behind a portal.

If you run PeopleSoft or another enterprise HR/payroll system:

• Confirm whether any PeopleSoft PeopleTools 8.61 or 8.62 systems are in use, including test, staging, legacy, and vendor-managed environments.
• Apply Oracle’s CVE-2026-35273 guidance and verify the fix is actually installed, not just approved.
• Review whether PeopleSoft Environment Management endpoints are reachable from the internet or broad internal networks.
• Preserve and review logs covering at least late May through mid-June 2026 before cleanup or rebuild work destroys useful evidence.
• Rotate credentials that may have been accessible from the affected application environment.
• Check for suspicious exports, unusual admin activity, new accounts, modified scheduled jobs, unexpected integrations, and outbound data movement.
• Prepare notification workflows before you know the final scope. Waiting until every answer is perfect can slow down protective action.

If you rely on outside payroll, HR, finance, or dealership/vendor platforms:

• Ask vendors whether they run Oracle PeopleSoft or other affected Oracle enterprise products in your service path.
• Confirm who is allowed to change direct deposit, tax withholding, administrator accounts, banking details, and employee contact information.
• Require out-of-band verification for payroll and bank-routing changes, especially for executives, finance staff, HR staff, and newly changed email accounts.
• Review connected apps, shared admin accounts, old vendor logins, and former-employee access.
• Back up critical payroll, accounting, HR, and vendor records in a way that is recoverable if the vendor portal is unavailable.

This is also a good reminder that “we use a cloud vendor” is not the same thing as “we have no responsibility.” Businesses still need vendor-risk notes, admin-access control, MFA, log review, payroll-change verification, and a basic breach-response plan.

Good News, Bad News

The good news: Oracle has published security guidance for CVE-2026-35273, CISA has clearly marked the vulnerability as exploited, Nissan says it has activated incident response and is working with Oracle and external experts, and affected employees should receive direct communication rather than having to guess from headlines.

The bad news: the data categories named in Nissan’s notice are exactly the kind of information that can create long-tail identity risk. Payroll, banking, tax, dependent, and beneficiary data can remain useful to criminals long after the original server vulnerability is patched. Also, the broader PeopleSoft campaign appears to have affected many organizations, which means more breach notices may continue to surface.

FAQ

Does this affect Nissan customers?

The currently reported Nissan disclosure is focused on current and former employees, not vehicle owners or dealership customers. That could change if Nissan’s investigation finds more, but the available notice centers on employee PeopleSoft records.

What is Oracle PeopleSoft?

PeopleSoft is enterprise software used for back-office functions such as HR, payroll, finance, procurement, and other administrative systems. Home users normally do not run it, but they can still be affected if an employer, school, insurer, government office, payroll provider, or vendor uses it.

Is there a fix for the PeopleSoft vulnerability?

Oracle released an emergency security alert for CVE-2026-35273 on June 10, 2026. Organizations running affected PeopleSoft PeopleTools systems should follow Oracle’s guidance immediately, confirm affected versions and exposed endpoints, and review logs for signs of compromise because exploitation reportedly occurred before the advisory.

Should affected employees change passwords?

Yes, especially for email, payroll, banking, tax, and benefits accounts. But password changes alone are not enough if Social Security numbers, national identifiers, banking data, or tax records were exposed. Use MFA, monitor accounts, consider credit freezes, and watch for payroll or benefits fraud.

Why does this matter to small businesses that do not use PeopleSoft?

Because the same pattern applies to smaller tools: payroll portals, HR platforms, accounting systems, insurance portals, dealership systems, vendor portals, and cloud admin dashboards. If those systems are weakly protected, attackers can get the business’s most sensitive employee and financial data without touching every workstation.

Related Reading

• Important Tech News Roundup: June 12, 2026 – AI Scams, PeopleSoft, Chrome, AI Agents, SpaceX
• Check Email Forwarding Rules Before They Leak Your Messages
• Internet of Bodies: How IoB Can Help Us, Warn Us, And Put Our Privacy At Risk

Sources

• California Attorney General filing: Nissan former-employee cybersecurity incident communication
• The Register: Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs
• SC Media: Nissan confirms employee data exposed in Oracle PeopleSoft cyberattack
• Infosecurity Magazine: Nissan discloses employee data breach linked to Oracle zero-day
• Google Cloud / Mandiant: ShinyHunters targets education sector with Oracle exploit
• Oracle Security Alert Advisory: CVE-2026-35273
• NVD: CVE-2026-35273 vulnerability detail
• CISA Known Exploited Vulnerabilities catalog
• Help Net Security: Oracle PeopleSoft servers under attack
• Rapid7: Active exploitation of Oracle PeopleSoft zero-day

Need help checking payroll portals, vendor access, MFA, endpoint security, backups, or breach-response basics for your business? The IT Guys can help local businesses tighten the systems that hold employee and financial data.