Nissan warns employees of possible payroll and ID-data exposure after Oracle PeopleSoft breach
Nissan has told current and former employees that a cyber incident tied to Oracle’s PeopleSoft software may have exposed sensitive personal and payroll information, including bank account details, tax...
Nissan has told current and former employees that a cyber incident tied to Oracle’s PeopleSoft software may have exposed sensitive personal and payroll information, including bank account details, tax records, and national ID numbers such as Social Security numbers.
In a filing with the California Attorney General, Nissan Americas said Oracle had notified it of a breach affecting personnel records across hundreds of companies. Nissan later concluded that its own data had been specifically targeted in the attack.
The company’s notice says the information potentially accessed could include contact details, banking information, Social Security or Social Insurance numbers, and financial and tax documentation, as well as data about dependents and beneficiaries. Employees in the United States, Canada, Mexico, and Brazil may have been affected, although Nissan said it is still confirming the scope of the exposure.
Nissan said it activated its incident response process, brought in external security specialists, and has been working with Oracle while keeping law enforcement informed. The company also said it will provide credit monitoring or dark web monitoring to affected people where available.
Payroll controls tightened
As part of the response, Nissan has added extra verification steps for payroll-related requests. Employees can now view pay statements or change direct deposit information only from the corporate network or through a secure VPN. The company said it is also applying additional identity checks before processing payroll changes.
An employee FAQ accompanying the notice attributes the incident to an unknown vulnerability in Oracle PeopleSoft and says the wider campaign has affected hundreds of organizations and institutions. The document does not identify the flaw, say whether Oracle has patched it, or clarify whether the affected PeopleSoft environment was hosted by Oracle or managed by Nissan.
The disclosure comes amid reports that the ShinyHunters extortion group has been linked to a separate wave of intrusions aimed at PeopleSoft zero-days. Researchers said more than 100 organizations and roughly 300 PeopleSoft installations may have been compromised before Oracle issued mitigation guidance.
Nissan has not said whether its case is connected to those earlier attacks. The company’s filing lists the breach window as May 27 through June 9, which overlaps with the previously reported timeline. Oracle has made few public comments and did not immediately respond to questions about the incident.
