Nissan Employee Data Breached in Oracle PeopleSoft Hack

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed. The post Nissan Employee Data Breached in Oracle PeopleSoft Hack appeared first on SecurityWeek .

The article reports that Nissan employee data, including payroll records, banking details, Social Security numbers and other personal information across multiple Americas regions, was exposed after attackers exploited a zero‑day remote code execution vulnerability (CVE-2026-35273) in Oracle PeopleSoft Enterprise PeopleTools, in a broader campaign impacting more than 100 organizations.[1][2][4][5] ShinyHunters used unauthenticated HTTP access to compromise PeopleSoft servers and steal HR and payroll data before Oracle released an out‑of‑band patch and mitigation guidance.[4][5] From a CyberSE.AI perspective, this incident highlights critical AI supply chain and enterprise SaaS data leakage risk where third‑party HR/ERP platforms that may be integrated with AI agents or analytics pipelines become a high‑value exfiltration point if their vulnerabilities are not tracked and governed. Organizations should treat PeopleSoft and similar systems as part of their AI/data supply chain, maintain SBOM-level visibility, enforce strict network exposure controls, and integrate vendor security advisories and patching (like CVE‑2026‑35273 mitigations) into continuous AI security and data protect