
"In a data breach notification letter filed with Maine's attorney general, Penn says attackers exploited a zero-day in Oracle's EBS - the same flaw Clop boasted about abusing to raid hundreds of organizations worldwide - and made off with data stored inside the university's instance of the platform, which it uses to process 'supplier payments, reimbursements, general ledger entries, and to conduct other University business.'"
"The notification, filed on December 1, confirms that 1,488 Maine residents were among those caught up in the haul, though it offers no total victim count. The description of the compromised data is conspicuously redacted in the template sent to regulators, leaving it unclear what categories of personal information were taken. The Register asked Penn for more details, but did not receive a response by the time of publication."
Clop exploited a zero-day vulnerability in Oracle's E-Business Suite (EBS) to access the University of Pennsylvania's EBS instance and siphon personal data. The university said attackers accessed data used for supplier payments, reimbursements, general ledger entries, and other business functions. Penn investigated, applied Oracle's patches, and alerted federal law enforcement after discovering the theft on November 11. A December 1 notification confirmed that 1,488 Maine residents were among those affected, while the total victim count and specific compromised data categories remain redacted. Dartmouth College reported a similar breach a week earlier, reflecting a broader Clop campaign against unpatched Oracle EBS deployments.
Read at Theregister