Industry - Data Breach
Executive Summary
The ShinyHunters extortion gang is exploiting vulnerabilities in Oracle PeopleSoft servers to steal data from over 100 organizations, primarily in the education sector, with at least one university confirming a breach. The attackers claim to be using a combination of old and zero-day vulnerabilities to access both cloud and on-premises systems, then demanding ransom from victims. Organizations running PeopleSoft for managing HR, payroll, finance, and student data are affected, though Oracle h...
What Happened
The ShinyHunters extortion gang exploited vulnerabilities in Oracle PeopleSoft servers to steal data from over 100 organizations, primarily universities and educational institutions. The attackers used what they describe as a combination of old and zero-day vulnerabilities to access both cloud-based and on-premises PeopleSoft systems beginning around June 2026. At least one victim, Nottingham University, has publicly confirmed the breach and had stolen data published on ShinyHunters' leak site.
Who Is Affected
Organizations using Oracle PeopleSoft software are affected, with educational institutions comprising the majority of victims. The compromised systems manage sensitive information including human resources records, payroll data, financial information, supply chain details, and student administration data. Nottingham University is the only publicly confirmed victim thus far, though the attackers claim to have breached 300 instances across more than 100 organizations.
Why It Matters
This incident demonstrates that enterprise resource planning systems handling highly sensitive employee, student, and financial data remain vulnerable to exploitation through unpatched vulnerabilities. The scale of the attack - potentially affecting over 100 organizations through a single software platform - shows how targeting widely-used enterprise software can create cascading privacy breaches across multiple sectors. The involvement of zero-day vulnerabilities means organizations may have been unable to defend against these attacks even with current security patches applied.
What You Should Do
If you are affiliated with an organization using Oracle PeopleSoft, contact your IT department to confirm whether your instance has been compromised and what data may have been exposed. Monitor your financial accounts, payroll deposits, and credit reports for unauthorized activity, especially if your employer or educational institution uses PeopleSoft for HR or finance functions. Consider placing fraud alerts or credit freezes if you are notified that your personal information was included in stolen data, and remain vigilant for phishing attempts that may use leaked information to appear legitimate.
Summary generated from verified sources and reviewed before publication. How we summarize.
Related Events
- Industry - Data BreachJun 7, 2026
HVAC/R wholesale distributor Baker Distributing Company suffered a data breach i...
- Industry - Data BreachMay 18, 2026
7-Eleven confirmed a data breach after the hacking group ShinyHunters demanded r...
- Industry - Data BreachMay 12, 2026
In May 2026, real estate services firm Cushman & Wakefield was targeted by the S...