general · BleepingComputer
Nissan disclosed a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft zero-day vulnerability. According to breach notifications filed with the California Attorney General's Office, the attack was part of a broader campaign attributed to the ShinyHunters extortion group that targeted hundreds of companies. The compromised data may include employee contact information, banking details, Social Security numbers, tax information, and dependent records for affected individuals in the United States, Canada, Mexico, and Brazil. Nissan stated it is in the early stages of investigation and has not yet determined the full scope of impact.
For Omniware's buyers, this incident underscores critical risks in enterprise resource planning (ERP) and human resources systems that handle sensitive employee and payroll data. Defense contractors, SaaS platforms, and healthcare organizations managing similar PeopleSoft instances should immediately audit their Oracle configurations, apply available mitigations, and verify access logs for suspicious activity. Organizations subject to HIPAA, NIST 800-171, SOC2, or NYDFS requirements must document patch management and incident response procedures, particularly for systems storing personally identifiable information or regulated data. An Omniware engagement can scope vulnerability assessment and access control reviews tailored to your specific compliance obligations.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/nissan-discloses-employee-data-breach-linked-to-oracle-zero-day-attacks/
Source: BleepingComputer
All briefings