Cybersecurity researchers and partners tied to Google Threat Intelligence and Mandiant report that the ShinyHunters cybercrime group may have accessed sensitive systems at dozens of colleges, with the activity connected to an Oracle PeopleSoft compromise campaign affecting more than 100 organizations. The reporting indicates that about 68% of impacted organizations are colleges or universities, and that organizations either blocked the activity or experienced compromise resulting in stolen data being published on the group’s DLS. Universities including the University of Nottingham confirmed they were among those affected, according to reporting. For higher education institutions, the immediate issue is breach containment and assessment—identifying whether PeopleSoft users were compromised and determining what data types (financial management, human resources, or student-related records) were accessed. The incident also raises operational questions for campus IT leaders about readiness for similar attacks against enterprise systems that support core administrative functions, even when learning platforms are the initial headline target.