University of Pennsylvania Confirms Data Breach Following Oracle Hack
The University of Pennsylvania has confirmed a recent data breach impacting some of its systems, stemming from a compromise of Oracle infrastructure used by several organizations. The university joins a growing list of victims targeted by the Clop ransomware group, wich exploited a vulnerability in Oracle’s systems to steal sensitive data.
This latest incident underscores the escalating threat posed by elegant cyberattacks targeting third-party vendors and the ripple effect on thier clients. The Clop group has a history of exploiting zero-day vulnerabilities in widely used software, impacting thousands of organizations globally. The breach at Penn possibly exposes personal information of students, faculty, and staff, raising concerns about identity theft and fraud.
The Clop ransomware group has claimed responsibility for data thefts from numerous organizations, including logitech, American Airlines subsidiary Envoy Air, and previously, victims utilizing Accellion FTA, GoAnywhere MFT, cleo, and MOVEit Transfer. The MOVEit Transfer attacks alone affected over 2,770 organizations.The group operates by stealing data and then publishing it on dark web leak sites, often making it available for download via Torrent.
The U.S. State Department is offering a $10 million bounty for information leading to the identification of individuals linked to Clop’s attacks and any connections to foreign governments.
A University of Pennsylvania spokesperson stated that they are working with cybersecurity experts to investigate the incident and mitigate any potential harm. The university is notifying affected individuals and providing resources to help protect their personal information.
