Cybersecurity Incident at Oracle: ShinyHunters Hit 100+ Organizations While Oracle Pretends Nothing Happened

Cybercriminals linked to the ShinyHunters gang have breached Oracle PeopleSoft servers across more than 100 organizations, stealing sensitive data including student records, employee information, financial aid details, health records, and immigration data. The attack exploited a chain of old vulnerabilities and at least one zero-day, with Nottingham University alone losing 40 gigabytes of data. Despite the severity, Oracle did not issue a public warning or acknowledgment until after the breach was made public by the hackers on June 9. The hackers initially targeted an FBI portal running PeopleSoft but shifted focus to universities and businesses, many of which operate in the education sector. Nottingham University confirmed unauthorized activity on its systems, describing the breach as a theft of student records, employee data, and alumni information. The stolen data, now published online, includes names, addresses, phone numbers, dates of birth, health information, and financial details. Oracle finally released an emergency patch on June 10 for a critical vulnerability (CVE-2026-35273), which allows unauthenticated attackers to fully compromise PeopleSoft systems. The patch came after the attacks were already underway, with the vulnerability scoring a CVSS rating of 9.8—classified as critical. Oracle had previously patched other PeopleSoft flaws in April and January, but the breaches continued, affecting hundreds of organizations. ShinyHunters operates by exploiting vulnerabilities in widely used software, compromising as many victims as possible before demanding ransom payments. The group has targeted major companies like Microsoft and AT&T in the past and has demonstrated a pattern of mass hacking. Affected organizations are now scrambling to analyze logs, reset passwords, activate incident response teams, and notify students, employees, and regulators of the breach. The stolen data from Nottingham University is already circulating on the dark web, posing long-term risks for affected individuals. Oracle’s delayed response and lack of transparency have left customers facing significant financial and reputational damage, despite trusting the company to protect their data. The incident underscores broader concerns about Oracle’s cybersecurity practices and its ability to prevent large-scale breaches.