Accidental data breaches sometimes can happen
Accidental data breach as a fault of PeopleSoft
The Information and Privacy Commissioner of the Northwest Territories delivered recommendations to the Department of Justice. They are related to a breach of privacy involving employee data on PeopleSoft.
For six months, a former staff member have had access to all PeopleSoft accounts of his former colleagues. The Government of the Northwest Territories monitored this former employee’s email without his knowledge or consent. It seems to be a breach of privacy of both the former employee, whose business email was monitored, and his former colleagues who used to report to him.
The Department of Justice explained the situation saying ‘PeopleSoft is hard’. This is not the first time that the Government of the Northwest Territories used the ‘PeopleSoft is hard’ defense.
However, employee rights are defined by legislation, not by the limitations of PeopleSoft.
PeopleSoft applications under cyberattack
A research shows that cybercriminals, hacktivists, and nation-state actors are increasingly targeting enterprise resource planning (ERP) applications, which store highly sensitive data or corporate secrets. Criminals are exploiting old security flaws in management software, thus posing great risks to unpatched business systems.
This year, hackers began exploiting a vulnerability in WebLogic servers, which Oracle fixed last October. They attacked Oracle PeopleSoft ERP systems to make profit from mining crypto currencies.