Cybersecurity Incident at Oracle: ShinyHunters Hit 100+ Organizations While Oracle Pretends Nothing Happened

Cybercriminals claim to have breached Oracle PeopleSoft servers at over 100 organizations, stealing sensitive student and employee data. The Silicon Review asks: why is Oracle silent while schools and businesses scramble to contain the damage?

The ShinyHunters extortion gang claims to have stolen data from more than 100 organizations running Oracle PeopleSoft software. Three hundred instances breached. Forty gigabytes of data from Nottingham University alone. Student records. Employee information. Financial aid data. Health records. Immigration details.

And Oracle? Silence.

Let that sink in. A critical vulnerability actually, a chain of old vulnerabilities and at least one zero-day has been used to pillage sensitive data from universities, businesses, and government agencies. Oracle has not issued a public statement. Not a warning. Not an acknowledgment. Just silence while their customers’ burn.

The ShinyHunters gang is not subtle. They left ransom notes on breached servers. They published stolen data on their leak site. They told Bleeping Computer exactly what they did. They are using a "gadget chain" of old vulnerabilities and zero-days to break into PeopleSoft systems.

The hackers originally wanted to breach an FBI portal running PeopleSoft. That attempt failed. So they pivoted to softer targets. Universities. Lots of them. Most victims are in the education sector.

Nottingham University confirmed the breach. Student records. Employee data. Alumni information. Stolen. Published. The university acknowledged "unauthorized activity" on its systems. That is academic language for "hackers walked out with everything."

Oracle finally issued an emergency patch on June 10 for a critical vulnerability tracked as CVE-2026-35273. The vulnerability allows unauthenticated attackers to completely take over PeopleSoft systems. CVSS score of 9.8. That is "critical." That is "patch immediately or assume compromise."

Here is the problem. Oracle released this patch after the attacks were already public. ShinyHunters claimed the breach on June 9. Oracle's emergency patch dropped on June 10. That is not proactive security. That is damage control.

Oracle knew about vulnerabilities. The company has been patching PeopleSoft flaws for months. CVE-2026-22019 in April. CVE-2026-21934 in January. CVE-2026-34299 in April. All of them exploitable. All of them affecting PeopleSoft. And still, over one hundred organizations got hacked.

The ShinyHunters gang specializes in mass hacks. Their business model is simple. Find vulnerability in popular software. Compromise as many victims as possible. Extort them all at once. It worked against PeopleSoft customers. It will work again unless Oracle starts taking security seriously.

Organizations running PeopleSoft are now scrambling. Logs need to be analyzed. Passwords need to be reset. Incident response teams need to be activated. Data breach notifications need to be sent to students, employees, and regulators.

Oracle's customers are paying the price. Literally. PeopleSoft licenses cost millions. Implementation costs millions more. Customers trusted Oracle to keep their data safe. Oracle failed. And Oracle is not apologizing.

Nottingham University's data is already public. Forty gigabytes of student and employee information. Names. Addresses. Phone numbers. Dates of birth. Health information. Financial data. Once data hits the dark web, it never comes back.

This cybersecurity incident is not an isolated event. ShinyHunters has been active for years. The group has hacked Microsoft, AT&T, and hundreds of other companies. They are not going away. And Oracle should have known better.

As cybercriminals claim breach of Oracle PeopleSoft servers at more than 100 organizations, The Silicon Review asks a final question. When Oracle sells software that manages payroll, human resources, and student records, is security included in the price? Or do customers have to discover the hard way that their data was never safe at all?

FAQ:

Q: What happened in the Oracle PeopleSoft cybersecurity incident?
A: The ShinyHunters hacking group claims to have breached Oracle PeopleSoft servers at over 100 organizations and stolen sensitive data.

Q: Who is behind the Oracle PeopleSoft cyberattack?
A: The ShinyHunters extortion gang claimed responsibility for the cybersecurity incident targeting Oracle PeopleSoft customers.

Q: What data was stolen in the Oracle PeopleSoft breach?
A: Stolen data includes student records, employee information, financial aid data, health records, and immigration details from breached organizations.

Q: Has Oracle fixed the vulnerability used in this cybersecurity incident?
A: Oracle released an emergency patch on June 10 for CVE-2026-35273, a critical vulnerability allowing unauthenticated attackers to take over PeopleSoft systems.

Q: Which organizations were affected by the Oracle PeopleSoft hack?
A: Nottingham University confirmed it was a victim, with most affected organizations being in the education sector across more than 100 institutions.

Q: Did Oracle warn customers before the cybersecurity incident occurred?
A: Oracle had patched related vulnerabilities in previous months but did not issue public warnings before ShinyHunters claimed the breach.