A hacking group known as ShinyHunters broke into the servers of universities and other organizations around the world by exploiting a newly discovered flaw in widely used campus software. The group took advantage of a critical security hole — tracked as CVE-2026-35273 — in Oracle’s PeopleSoft platform, software used by many colleges and universities to manage student records, HR, and finances. Oracle’s advisory was not published until June 10, meaning the attackers had free rein while the flaw remained unpatched.
ShinyHunters claimed to have stolen data from more than 300 systems across over 100 organizations, then sent ransom demands threatening to publish the stolen information. Roughly 68% of the affected organizations were universities, with the majority in the United States. The University of Nottingham is among the first confirmed victims, with a breach affecting over 450,000 students. Oracle has since released emergency mitigations for the affected versions.
How to check if you’re affected
Affected versions of Oracle PeopleSoft Enterprise PeopleTools are 8.61 and 8.62. If you are a student, faculty, or staff member at a university that uses PeopleSoft, your institution may have received a ransom demand or a notification from Oracle. Watch for official emails from your university’s IT department. If your personal data — such as your name, student ID, address, or financial aid information — was involved, you should receive a formal breach notification. Review any communications from your school carefully and consider placing a fraud alert on your credit file if notified.