Hacking group claims breach of Oracle systems at over 100 organizations

The hacking group ShinyHunters claims to have compromised Oracle PeopleSoft servers at more than 100 organizations, including many universities. The group announced the alleged breaches, targeting enterprise resource planning systems used by organizations for human resources, finance, and other administrative functions.

Oracle PeopleSoft is widely deployed across universities, government agencies, and corporations to manage employee records, payroll, and student information. The systems often contain sensitive personal data including Social Security numbers, financial information, and employment records. The scale of the claimed breach suggests potential exposure of data belonging to staff, students, and administrators across multiple institutions.

ShinyHunters has been linked to several high-profile data breaches in recent years. The group typically steals databases from compromised systems and either sells the information or releases it publicly. Previous targets have included major technology companies and online services, with stolen data sometimes appearing for sale on underground forums.

Oracle has not publicly confirmed the breach or commented on the claims. The company provides PeopleSoft as both cloud-hosted and on-premises software, meaning the security of individual deployments can vary depending on how organizations configure and maintain their systems. Universities represent a significant portion of PeopleSoft users, particularly for student information systems and human resources management.

The extent of data accessed and whether the claimed breaches are verified remains unclear. Organizations running PeopleSoft systems will need to assess their security posture and determine if they were affected. The incident highlights ongoing security challenges for enterprise software platforms that store large amounts of personal and institutional data.