Cyber Attack on Oracle Exposes Data of Higher-Ed Clients
https://www.govtech.com/education/higher-ed/cyber-attack-on-oracle-exposes-data-of-higher-ed-clients
Publish Date: 2026-06-15 18:41:00
Source Domain: www.govtech.com
For the second time in as many months, the higher-education sector is assessing the damage from a cyber attack by the data extortion group ShinyHunters against a major software vendor.

According to a recent blog post from Google Threat Intelligence Group (GTIG) and cybersecurity firm Mandiant, malicious code infiltrated Oracle’s PeopleSoft applications between May 27 and June 9. Colleges, universities and other Oracle customers use PeopleSoft for enterprise resource planning and human capital management.

Subsequent data leaks from ShinyHunters show direct correlation with the timeline of the cyber attack on Oracle, according to the blog post. Google’s blog post said GTIG and Mandiant issued alerts to affected organizations, some of which successfully blocked fraudulent activity and addressed the vulnerabilities, while others were compromised and saw data leaked. Additionally, on June 10, Oracle issued its own security alert for PeopleSoft users, letting them know that the software contained a vulnerability that could be exploited remotely and that they might be affected.

The number and nature of exposed records were still unclear as of June 15. Oracle counts more than 13,000 colleges and universities as customers, and among more than 100 organizations found to have IP addresses connected to the breach, 68 percent were in the higher-education sector, according to Google’s blog.

GTIG recommended that those affected by the breach disable or remove environment management hub services for PeopleSoft servers, or, if disabling was not possible, it said they should block external access at the network or firewall level.

GTIG also recommended that administrators check access logs for external source IPs and compromise indicators like JavaServer Pages (.jsp), as well as monitor outbound firewall logs for traffic flowing from PeopleSoft servers to untrusted external destinations.

The recent attack on Oracle is consistent with reports that cyber attacks on education are affecting more people than they used to, because culprits are increasingly targeting ed-tech vendors rather than individual institutions. In May, ShinyHunters took credit for a data breach that affected hundreds of schools and universities using Instructure’s Canvas LMS. Last year, a breach of Oracle’s E-Business Suite impacted more than 3.5 million students, faculty and staff at the University of Phoenix. In 2024, hackers used an old login credential to gain access to the software company PowerSchool and steal data from thousands of schools and millions of students.
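
The access-log review GTIG recommends above (external source IPs requesting .jsp resources) can be scripted. The following is an added example, not code from GTIG, Oracle or this article; it assumes Common/Combined Log Format and a site-defined list of internal ranges (`INTERNAL_NETS`), and the sample log lines and paths are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: ranges this site treats as internal; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumption: the web server writes Common/Combined Log Format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def is_external(ip_text):
    """True when the address is outside every network in INTERNAL_NETS."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError for hostnames
    return not any(ip in net for net in INTERNAL_NETS)

def jsp_hits_from_external(lines):
    """Map source IP -> [(timestamp, method, path, status)] for .jsp requests
    that arrived from an external address."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line
        try:
            external = is_external(m["ip"])
            # Drop the query string and ;jsessionid-style parameters, ignore case.
            path = urlsplit(m["target"]).path.split(";", 1)[0].lower()
        except ValueError:
            continue  # first field is not an IP, or the target is malformed
        if external and path.endswith(".jsp"):
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

# Constructed sample lines: documentation address ranges and made-up paths.
SAMPLE_LOG = [
    '10.1.2.3 - - [08/Jun/2026:09:00:01 +0000] "GET /portal/home.jsp HTTP/1.1" 200 1043',
    '203.0.113.7 - - [08/Jun/2026:02:14:55 +0000] "POST /files/status.JSP;jsessionid=AB12?x=1 HTTP/1.1" 200 87',
    '198.51.100.20 - - [08/Jun/2026:02:15:10 +0000] "GET /css/site.css HTTP/1.1" 200 5120',
    '198.51.100.20 - - [08/Jun/2026:02:15:12 +0000] "GET /reports/view.jsp?id=9 HTTP/1.1" 404 0',
    'not a log line',
]

if __name__ == "__main__":
    for ip, reqs in jsp_hits_from_external(SAMPLE_LOG).items():
        for ts, method, path, status in reqs:
            print(f"{ip} {ts} {method} {path} -> {status}")
```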