Major companies including Nissan and Aflac have disclosed significant data breaches connected to a critical security vulnerability in Oracle software. The breaches highlight growing risks from zero-day exploits—security flaws that companies don't know about until hackers start using them.
Nissan revealed that employee data was compromised through an attack on its Oracle PeopleSoft system. The Japanese automaker's breach involved unauthorized access to personal information stored in the human resources platform. Separately, insurance giant Aflac announced its own data breach after one of its subsidiaries was targeted. Like Nissan, the Aflac breach was connected to the same Oracle security weakness.
The vulnerability exists in Oracle E-Business software, and cybersecurity researchers have confirmed that hackers are now actively exploiting this critical flaw in real-world attacks. This means the weakness isn't just theoretical—criminals are using it right now to break into company systems and steal data.
Oracle zero-day vulnerabilities are particularly dangerous because companies using the software often don't realize they're under attack. The software is widely used across industries for managing business operations, employee records, and financial information. When a zero-day flaw exists, no security patch is available yet, leaving companies vulnerable until the company releases a fix.
These breaches demonstrate how a single software vulnerability can affect multiple large organizations simultaneously. Both Nissan and Aflac serve millions of customers and employ thousands of people, meaning the data exposure could impact many individuals. Employee information typically includes names, addresses, Social Security numbers, and salary details—data that criminals can use for identity theft or selling on dark web markets.
The incidents underscore the importance of cybersecurity in protecting personal information. Companies rely on software vendors like Oracle to keep their systems secure, but when vulnerabilities are discovered, the responsibility falls on both the vendor to release fixes quickly and companies to apply those updates promptly.
For affected employees at Nissan and Aflac, the breaches serve as a reminder that personal data can be exposed even at large, well-established corporations. Security experts recommend that individuals affected monitor their credit reports and financial accounts for suspicious activity.
These breaches are likely to increase attention on how software companies handle security vulnerabilities and how quickly they release patches when critical flaws are discovered. As more companies report attacks using the same Oracle flaw, pressure will mount for faster security responses across the technology industry.