In June 2026, Nissan Americas revealed a significant data breach impacting current and former employees due to a zero-day vulnerability in Oracle PeopleSoft software. Between May 27 and June 9, attackers exploited CVE-2026-35273, a critical Server-Side Request Forgery (SSRF) vulnerability, granting them unauthorized access to sensitive data such as contact information, banking details, Social Security numbers, and tax records. The ShinyHunters extortion group claimed responsibility for the breach, which targeted multiple organizations using Oracle PeopleSoft across sectors like automotive, education, and insurance. Nissan has since collaborated with cybersecurity experts to secure systems and investigate the breach, offering credit and dark web monitoring to affected individuals. The incident highlights the risks associated with third-party enterprise software, emphasizing the need for robust supply chain security and regulatory compliance.

