The infamous hacking group ShinyHunters has claimed responsibility for breaching Oracle PeopleSoft servers across over 100 entities, including numerous universities, a member of ShinyHunters revealed to TechCrunch on Wednesday. The incidents were initially reported by BleepingComputer.

PeopleSoft is an enterprise application created for managing payroll, human resources, administration, and various business functions. 

This development demonstrates that even as one of the most prominent and active cybercrime organizations currently, ShinyHunters continues to thrive, specializing in large-scale hacks. Their approach involves identifying a flaw in widely-used software, enabling them to target multiple victims simultaneously.

“Data on students, applicants, financial aid, immigration, health, and administrative matters has been extracted,” stated a message reportedly sent by the hacker to one of the affected parties. The hackers asserted they obtained student information, which includes residential addresses, phone numbers, emails, and birth dates. 

The hacker mentioned that the majority of the schools targeted had previously been breached in other, unrelated attacks.

According to the group’s member, their initial objective was to infiltrate an FBI PeopleSoft server, aiming to release a statement disavowing ShinyHunters’ involvement in a series of swatting incidents highlighted by the FBI in a warning last month. This attempt, the member indicated, was unsuccessful.

Oracle did not reply to an inquiry for comments.