Skip to main content
Cybersecurity

Nissan data breach in Oracle PeopleSoft attack offers cybersecurity lessons

Mapping internal- and external-facing systems is key to helping mitigate attacks.

3 min read

TOPICS: Cybersecurity / Security Operations / Hacking

A zero-day exploit of Oracle’s PeopleSoft offerings exposed data at auto manufacturer Nissan, including payroll, tax data, social security numbers, and other sensitive employee information. Is there a lesson here for IT professionals tasked with securing their tech stack?

According to a breach notification submitted by Nissan, the attack reportedly took place between May 27 and June 9. The company said in a statement that it “quickly activated incident response protocols” and has been communicating with authorities about a response.

Lloryn Love-Carter, senior manager of corporate communications at Nissan, wrote in an email to IT Brew: “While the investigation is ongoing, certain employee information was accessed without authorization. We are communicating directly with employees and will provide updates as appropriate.”

The breach. In its notification, Nissan stated that attackers accessed unauthorized data that manages personally identifiable information (PII). The event also involved an “unknown vulnerability” in Oracle’s PeopleSoft software.

Gary Orenstein, chief customer officer at password management company Bitwarden, told IT Brew that zero-day vulnerabilities are “square one” of what is typically a multi-stage attack.

“In this case, Oracle PeopleSoft had the zero-day exploit, you would think they have all the resources in the world to protect against these things, but it just shows you that there are human beings in the loop, and so everybody has the potential to be fallible,” Orenstein said. “Most of the exploits that happen in companies are basically identity compromise.”

ID, please. Cybersecurity professionals, Orenstein said, should focus on maintaining strong identity awareness throughout the organizations with tactics like passkeys, which are one of the more secure ways to defend against identity attacks.

Security professionals must also follow foundational cybersecurity protocols to mitigate the impact of zero-day exploits, including the mapping of internal- and external-facing systems so that new vulnerabilities can be quickly identified and eliminated. Additionally, it’s critical to understand all the potential information that vendors can access.

“What it comes down to is a little bit of the hard work, the sweat and the tears,” Orenstein said. “You have to take the time to map this stuff out and document it in a way that’s known within your company, known across your security and other teams.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

By subscribing, you accept our Terms & Privacy Policy.

About the author

Caroline Nihill

Caroline Nihill is a reporter for IT Brew who primarily covers cybersecurity and the way that IT teams operate within market trends and challenges.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

By subscribing, you accept our Terms & Privacy Policy.