Penn and Phoenix Universities Disclose Data Breach After Oracle Hack

The University of Pennsylvania and the University of Phoenix confirmed on Tuesday that they are among the many victims of the recent cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution.

A probe showed that the hackers gained access to information such as names, contact details, dates of birth, Social Security numbers, and bank account information.

More than 100 organizations have been named as victims of the Oracle EBS attack, and major companies such as Canon, Mazda, Cox, and Logitech have confirmed that they were targeted. Other industry giants, such as Broadcom and Schneider Electric, have yet to issue any public statements on the matter.

Several important questions remain unanswered, including which zero-day vulnerabilities have been exploited and who is behind the attack. The Cl0p ransomware group is the public-facing entity that has taken credit for the attack, but the cybersecurity industry believes an unidentified cluster of the FIN11 threat group is responsible.

To read the complete article see: SecurityWeek