好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内,而且不需要特定的开头。首先,我得仔细阅读文章,抓住主要内容。 文章主要讲的是宾夕法尼亚大学和凤凰城大学遭遇了针对甲骨文E-Business Suite的黑客攻击。宾夕法尼亚大学使用这个平台处理财务事务,发现数据被未经授权访问,并确认涉及个人数据。他们通知了受影响的人,并提供了免费的信用监控服务。凤凰城大学的情况类似,同样通过Oracle EBS被攻击,涉及个人信息泄露。 接下来,我需要把这些信息浓缩到100字以内。重点包括两所大学、攻击目标、受影响的数据类型以及应对措施。确保语言简洁明了,不遗漏关键点。 最后,检查一下字数是否符合要求,并确保内容准确无误。 </think> 宾夕法尼亚大学和凤凰城大学证实遭受针对甲骨文E-Business Suite的网络攻击,涉及未经授权访问数据,包括个人和财务信息。宾大已通知受影响者并提供免费信用监控服务。 2025-12-3 19:17:49 Author: securityaffairs.com(查看原文) 阅读量:4 收藏
University of Pennsylvania and University of Phoenix disclose data breaches
Pierluigi Paganini
December 03, 2025
The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign.
The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle E-Business Suite customers.
Penn explained that it uses Oracle’s E-Business Suite (EBS) platform for supplier payments, reimbursements, ledger entries, and other business operations. After Oracle announced that the flaw could enable unauthorized access, affecting hundreds of organizations worldwide, Penn launched an immediate investigation with cybersecurity experts and notified federal law enforcement.
During the investigation, Penn confirmed that data from its Oracle EBS environment had been accessed without authorization. The University then conducted a detailed review to determine whether personal information was involved. On November 11, 2025, Penn concluded that the recipient’s personal data was among the information taken.
The University of Pennsylvania is notifying impacted individuals, however it did now disclose the total number of affected people.
“Based on our review of the data, we have determined that the impacted information included XXXXXXXX.” reads the data breach notification shared with the Maine Attorney General. “We have found no evidence that any of this information has been or is likely to be publicly disclosed or misused for fraudulent purposes, or otherwise used in a way that could harm you as a result of this incident.”
The university is providing impacted individuals with access to complimentary Experian credit monitoring and remediation services for 24 months at no charge to them.
The University of Phoenix also disclosed a data breach through Phoenix Education Partners.
“The University of Phoenix, Inc., a subsidiary of Phoenix Education Partners, Inc. (including the University, the “Company”), recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform (“Oracle EBS”). The Company is one of a number of organizations, including other academic institutions, from which an unauthorized third-party exfiltrated data by exploiting a previously unknown software vulnerability in Oracle EBS. The incident did not impact the business operations or student programming of the Company.” reads a FORM 8-K filed with SEC.
“While the investigation remains ongoing, at this time, the Company believes that the software vulnerability was used in August 2025 to copy certain data maintained in the Company’s Oracle EBS environment.”
“The Company believes that certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers, with respect to numerous individuals was accessed without authorization.” The University of Phoenix added.
Several universities have been affected by the same Oracle’s E-Business Suite (EBS) campaign, including the prestigious Harvard.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
如有侵权请联系:admin#unsafe.sh