A newly discovered Oracle PeopleSoft vulnerability was used to break into university systems and steal sensitive data. Here’s what happened, who was affected, and what you can do to better protect your information.
Table of Contents
What Happened?
The vulnerability, tracked as CVE-2026-35273, affected Oracle PeopleSoft Enterprise PeopleTools — software that many universities and large organizations use to manage employee, student, and administrative records. The flaw allowed attackers to take control of vulnerable servers through the internet without needing a password.
Researchers from Google’s Mandiant security team said the attackers targeted more than 100 organizations. Most of the affected organizations were colleges and universities in the United States.
Who Was Affected and What Data Was Leaked?
One of the first confirmed victims was the University of Nottingham. The university confirmed that data was stolen during the attack.
According to breach-tracking service Have I Been Pwned, the leaked data included approximately 455,000 unique email addresses. The stolen information reportedly contained:
- Names
- Email addresses
- Home addresses
- Phone numbers
- Passport numbers
- Information related to ethnicity
- Information related to disabilities
The university said the breach affected both current students and former students.
Information like passport numbers, addresses, and phone numbers can be valuable to criminals. It may be used in phishing emails (messages designed to trick people into sharing information), identity theft attempts, or impersonation scams.
It is also important to remember that many people never learn their information was involved in a data breach. Some incidents receive little public attention, while others are discovered months later.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
Futureproof monitors your email 24/7 for data leaks and gives clear steps to secure your account from scams.
Futureproof scans your data for leaks and shows exactly how to close security gaps — before scammers find them first.
Check my safetyHow Did the Attack Happen?
The attackers exploited a software vulnerability (a security flaw that can be abused by criminals) in Oracle PeopleSoft.
Researchers said the flaw allowed remote code execution (a security issue that lets attackers run commands on a server from a distance). The vulnerability required no login credentials and no action from users. Attackers only needed internet access to the affected system.
After gaining access, the group installed remote management tools, moved through internal systems, and collected data before transferring it outside the victim organizations. Researchers also found signs that the attackers used automated scripts to spread through networks and search for additional systems to access.
At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
