Nissan has confirmed a breach of employee data tied to the wave of attacks exploiting a zero-day vulnerability in Oracle E-Business Suite (EBS). The disclosure, reported by BleepingComputer on June 29, 2026, adds the global automaker to a growing list of large enterprises caught up in a mass-exploitation campaign that abused a flaw in Oracle's widely deployed business application platform before a patch was available. Nissan says the intrusion exposed personal information belonging to current and former employees, and the company has begun notifying affected individuals.
What Happened
Nissan disclosed that attackers accessed and exfiltrated data from an internal system running Oracle E-Business Suite, the integrated ERP platform many large organizations use for finance, procurement, and human resources functions. The compromise is linked to the broader Oracle EBS zero-day exploitation campaign, in which threat actors weaponized a previously unknown vulnerability to reach customer environments before Oracle issued a fix.
Because the flaw was a zero-day, defenders had no patch and limited detection coverage during the initial exploitation window. That gap allowed attackers to operate against multiple high-value targets in parallel, and Nissan was identified as one of the impacted automakers. The company moved to investigate, contain the affected system, and notify employees once it confirmed that personal data had been accessed.
What Was Taken
According to the disclosure, the breach involves employee personal information rather than customer or vehicle telematics data. Breaches stemming from ERP and HR-adjacent systems like Oracle EBS typically expose the kind of records those platforms store: names, contact details, employment identifiers, and potentially government ID numbers, payroll, or benefits-related data.
Nissan has framed this as an employee data exposure and is notifying affected individuals directly. The precise volume of records and the exact fields compromised were not fully enumerated in the initial report, but the sensitivity is significant: employee personnel data is durable, hard to rotate, and valuable for identity theft, payroll fraud, and targeted social engineering.
Why It Matters
This incident underscores how a single zero-day in a shared enterprise platform can cascade into breaches across many independent organizations at once. Oracle E-Business Suite sits at the core of finance and HR operations for thousands of large enterprises, making it a high-leverage target: one reliable exploit yields access to sensitive, centralized data stores across an entire victim portfolio.
For defenders, Nissan's disclosure is a reminder that ERP and back-office systems deserve the same threat-intelligence attention as internet-facing web applications. These platforms are often treated as internal and trusted, yet they aggregate exactly the data attackers want. A breach here is not an isolated IT event; it is a strategic exposure of workforce identity data that fuels follow-on fraud and phishing for years.
The Attack Technique
The campaign hinges on exploitation of a zero-day vulnerability in Oracle E-Business Suite. In a zero-day scenario, the attackers identify and weaponize a flaw before the vendor releases a patch, giving them an exclusive window to compromise exposed instances. Once inside the EBS environment, the actors were positioned to access and exfiltrate data held by the application.
Mass-exploitation campaigns of this type typically follow a pattern: rapid scanning to locate vulnerable instances, automated exploitation of the flaw, deployment of access tooling, and bulk data theft. Because EBS handles HR and financial records, attackers can move directly to high-value databases without needing extensive lateral movement. Organizations should treat any unpatched or recently patched EBS instance as a candidate for compromise review.
What Organizations Should Do
- Apply Oracle's security updates for E-Business Suite immediately and confirm that any emergency or out-of-band patches addressing the zero-day are fully deployed across all instances.
- Hunt for compromise: review EBS application, database, and web server logs for anomalous queries, unexpected data exports, new accounts, and outbound connections during the exploitation window, not just from the patch date forward.
- Restrict and segment EBS access so the platform is not reachable from untrusted networks; enforce strong authentication and limit administrative and service-account privileges.
- Inventory and classify the sensitive data stored in ERP and HR systems, and verify that monitoring, alerting, and data-loss controls cover these back-office platforms as rigorously as internet-facing apps.
- Prepare breach-notification and identity-protection workflows for employees, and offer credit monitoring where personnel data exposure is confirmed.
- Build a zero-day response playbook for critical vendor platforms, including rapid patch validation, threat-intel monitoring for active exploitation, and predefined containment steps for high-value ERP systems.
Sources: Nissan discloses employee data breach linked to Oracle zero-day attacks