ctipilot.ch


UPDATE: Nissan is the largest named victim yet in the ShinyHunters Oracle PeopleSoft campaign

From CTI Daily Brief — 2026-07-01 · published 2026-07-01

UPDATE (originally covered 2026-06-28 as the NAIC breach): Nissan disclosed that current and former employees' data was exposed via CVE-2026-35273, the Oracle PeopleSoft PeopleTools pre-auth flaw exploited as a zero-day between 2026-05-27 and 2026-06-09 as part of the wider ShinyHunters campaign (SecurityWeek, 2026-06-30). The exposure spans current and former employees in the US, Canada, Mexico and Brazil, potentially including Social Security numbers, banking/direct-deposit information and tax records.

This is a materially different victim profile from the previously covered NAIC breach (employee HR/payroll PII rather than regulatory data), showing the campaign spreading across both regulatory-body and corporate-HR PeopleSoft deployments. As mitigation, Nissan restricted pay-slip viewing and direct-deposit changes to company-network/VPN-authenticated sessions and is offering credit/dark-web monitoring (BleepingComputer, 2026-06-29). ShinyHunters' self-reported scale of "over 300 PeopleSoft instances across ~100 organizations" is an unverified actor claim; report it as attributed to the actor, not as confirmed fact. There is no new technical detail beyond the victim-count expansion; the operative guidance from the 2026-06-28 NAIC item stands (patch CVE-2026-35273; remove internet-exposed PeopleSoft PeopleTools from public reachability).