Accidental Data Breach
PeopleSoft News Round-up is a monthly news overview that gives an insight into the PeopleSoft-related events as well as brief summaries and links to articles on PeopleSoft security for July, 2018.
Accidental data breach as a fault of PeopleSoft
Canliiconnects on July 5, 2018
The Information and Privacy Commissioner of the Northwest Territories delivered recommendations to the Department of Justice. They are related to a breach of privacy involving employee data on PeopleSoft.
For six months, a former staff member have had access to all PeopleSoft accounts of his former colleagues. The Government of the Northwest Territories monitored this former employee’s email without his knowledge or consent. It seems to be a breach of privacy of both the former employee, whose business email was monitored, and his former colleagues who used to report to him.
The Department of Justice explained the situation saying ‘PeopleSoft is hard’. This is not the first time that the Government of the Northwest Territories used the ‘PeopleSoft is hard’ defense.
However, employee rights are defined by legislation, not by the limitations of PeopleSoft.
15 new security fixes for PeopleSoft in July Critical Patch Update
eWeek on July 18, 2018
The Critical Patch Update for July fixes 334 vulnerabilities across the company’s product portfolio. It contains 15 new security fixes addressing Oracle PeopleSoft Products. HAckers may exploit 11 of the vulnerabilities over a network without entering user credentials.
Companies must implement the patches as soon as possible.
PeopleSoft applications under cyberattack
KITCO on July 25, 2018
A research shows that cybercriminals, hacktivists, and nation-state actors are increasingly targeting enterprise resource planning (ERP) applications, which store highly sensitive data or corporate secrets. Criminals are exploiting old security flaws in management software, thus posing great risks to unpatched business systems.
This year, hackers began exploiting a vulnerability in WebLogic servers, which Oracle fixed last October. They attacked Oracle PeopleSoft ERP systems to make profit from mining crypto currencies.