Nissan discloses employee data breach linked to Oracle PeopleSoft zero-day exploitation
Tags Enterprise
Nissan has disclosed a data breach affecting current and former employees after threat actors exploited a zero-day vulnerability in Oracle PeopleSoft in data theft attacks previously linked to the ShinyHunters extortion group. The breach exposed employee data through the enterprise resource planning system. The National Association of Insurance Commissioners (NAIC) also confirmed it was affected by the same Oracle PeopleSoft vulnerability, though NAIC stated only publicly available data, outdated logs, and configuration files were stolen. The Oracle E-Business Suite has also seen a separate critical vulnerability (CVE-2026-46817) begin exploitation in the wild.
Technical significance
The exploitation of Oracle PeopleSoft and E-Business Suite zero-days represents a significant threat to enterprise ERP systems that store sensitive employee and financial data. Organizations running Oracle enterprise applications should immediately assess their exposure and apply available patches. The connection to ShinyHunters suggests a coordinated campaign targeting Oracle's enterprise customer base, with multiple organizations likely affected beyond those that have disclosed publicly.