Nissan disclosed a major data breach affecting personnel files across four countries after attackers weaponized a critical Oracle vulnerability.
In a significant cross-border security incident that exposes the vulnerability of corporate administrative networks to highly targeted software zero-day exploits, international automotive manufacturer Nissan has officially acknowledged a major corporate data breach. Formally disclosed to international regulatory bodies and affected workers on Monday, June 29, 2026, the carmaker confirmed that unauthorized third-party threat actors successfully infiltrated its internal human resources and payroll servers. According to data breach notification filings submitted directly to state regulatory authorities, the automotive giant discovered that automated extraction scripts had systematically harvested highly sensitive personnel records belonging to thousands of current and former members of its workforce.
The immediate fallout from the corporate network intrusion is hitting Nissan’s regional administrative hubs across North America and South America. System telemetry reveals that the data exfiltration directly compromised personnel databases maintained by Nissan Americas, exposing sensitive employee records distributed across corporate operations in the United States, Canada, Mexico, and Brazil. In an effort to immediately contain the incident and minimize the threat of secondary corporate identity fraud, Nissan’s executive leadership team has enacted rigid network access adjustments, enforcing a policy that forces workers to access payslips or modify direct deposit details exclusively from physical company network terminals or authenticated corporate virtual private networks.
The core technical reason fueling the breach centers on the active weaponization of a critical, newly discovered security flaw tucked inside Oracle PeopleSoft enterprise software. Tracked by threat intelligence firms as CVE-2026-35273, the remote code execution vulnerability allowed remote attackers to completely bypass native authentication checks within the application’s Environment Management Hub component. Cybersecurity investigators at Mandiant and Google Threat Intelligence Group determined that a highly sophisticated extortion cluster, designated as UNC6240 and tightly linked to the notorious ShinyHunters hacking syndicate, had been scanning the public web to exploit unpatched enterprise systems. Because Nissan heavily utilized the vulnerable Oracle application to manage its corporate payroll, tax documentation, and banking records, the attackers were able to slip into the core directory and pull down unencrypted files containing employee Social Security numbers, national identification data, banking account routing logs, and private beneficiary details.
While Nissan’s engineering divisions stressed that the digital attack was entirely confined to its corporate administrative IT infrastructure, leaving the primary manufacturing plants, vehicular control mechanisms, and consumer-facing telematics networks safely isolated, the sheer depth of the stolen human resources data has triggered extensive threat-mitigation protocols. To counteract potential phishing campaigns targeting its workforce, Nissan is actively deploying complimentary credit tracking and dark web monitoring services to all exposed individuals while partnering with local law enforcement agencies to track the laundered information. This high-profile intrusion surfaces amidst a turbulent year for automotive supply chains, serving as a reminder that the highly complex software frameworks deployed to manage enterprise labor can frequently transform into the primary entry vector for destructive financial cybercrime.

