The cybercrime group known as ShinyHunters has claimed responsibility for a widespread hacking campaign targeting Oracle PeopleSoft servers used by more than 100 organizations worldwide. Many of the affected institutions are believed to be universities, raising concerns about the security of sensitive educational and administrative records.

PeopleSoft is a widely used enterprise software platform that assists organizations with payroll management, human resources, financial administration, and other critical business operations. According to reports, the hackers exploited vulnerabilities within the system to gain unauthorized access to valuable information stored on institutional servers.

Members of the cybercriminal group alleged that they obtained a significant amount of data, including student records, financial aid information, health-related documents, immigration details, and administrative files. The stolen information reportedly includes personal identifiers such as home addresses, email addresses, telephone numbers, and dates of birth.

Cybersecurity experts note that the attack reflects a growing trend in which threat actors exploit weaknesses in widely deployed software applications to compromise multiple organizations simultaneously. By targeting commonly used systems, hackers can maximize the scale and impact of a single operation.

The group further claimed that several of the affected institutions had previously suffered breaches through unrelated cyber campaigns. In addition, the hackers disclosed that one of their original objectives was to infiltrate a PeopleSoft server associated with the Federal Bureau of Investigation (FBI), although they stated that the attempt was unsuccessful.

The incident has renewed calls for organizations to strengthen cybersecurity defenses and conduct regular security audits of critical software systems. As investigations continue, affected institutions are expected to assess the extent of the breach and determine whether additional measures are required to protect sensitive information from future attacks.

Source: TechCrunch