Car manufacturer Nissan is the latest to disclose a hack linked to an enterprise planning suite Oracle PeopleSoft zero-day campaign. Serial hacking group ShinyHunters is suspected to be behind the hacks.
In a breach notification filed with the California Attorney General’s Office on Thursday June 25, the Japanese carmaker disclosed that sensitive personal information of hundreds of its employees stored in Oracle PeopleSoft was breached. These included contact and banking information, Social Security numbers, insurance numbers, as well as financial and tax data.
Oracle PeopleSoft is a hybrid and cloud application suite used by its customers for human capital management, such as human resources, labor, and payroll tracking. Earlier this month, Oracle, released an urgent patch alert for a critical zero-day vulnerability tracked as CVE-2026-35273. The flaw, which has been added to CISAs National Vulnerability Database, enables remote code execution when exploited.
A day after the Oracle update, Google Mandiant warned that a threat group it tracks as UNC6240, also known as ShinyHunters, has been exploiting the flaw since May.
How The Attack Worked
The attackers are using pre-configured Windows MeshCentral agent binaries disguised as Microsoft Azure endpoints to run remote management operations, Mandiant said. The hackers are mainly targeting organizations in the U.S., specifically in the education sector. “We initiated notifications to over 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints,” Mandiant said.
On Friday, the National Association of Insurance Commissioners disclosed hackers gained temporary access to its Oracle PeopleSoft systems in June and posted some of the exfiltrated data online. The agency, which is working with the FBI, said that no personal or payment information has been compromised.
ShinyHunters is a criminal group that evolved from an online hacking collective called “The Community,” or “The Com.” The group specializes in social engineering attacks, like imitating IT help desks or call centers to gain access to victim networks. Another spinoff group from The Com called the Scattered Lapsus$ Hunters was behind the 2025 supply chain attack on British auto manufacturer Jaguar Land Rover. The hack resulted in a financial loss of around $260 million for the company.
Responding To The Attack
“Upon learning about this issue, we quickly activated incident response protocols. We have been in communication with authorities throughout our response to this attack,” Nissan Americas said. The company added it has taken steps to prevent unauthorized access and that it is working with investigative agencies to determine the full impact of the hack.
It has further urged its customers to change their passwords, enable multifactor authentication, and alert the company of any suspicious calls or messages.
Nissan Americas, Oracle, and Mandiant did not immediately respond to requests for comment seeking further information.
