
SecureFact – Cyber Security News – Week of March 24, 2025

Oracle denies breach after hacker claims theft of 6 million data records

  • Oracle is denying claims of a data breach after a threat actor known as rose87168 claimed to be selling 6 million data records allegedly stolen from Oracle Cloud’s federated SSO login servers.
  • The threat actor provided evidence of access by uploading a text file to an Oracle Cloud server and is selling the data, including encrypted SSO passwords and other sensitive files, on a hacking forum.
  • They claim to have gained access to Oracle Cloud servers around 40 days ago and even contacted Oracle, demanding a ransom for information on the breach.
  • Oracle maintains that there has been no breach of Oracle Cloud and that no customers experienced a breach or data loss.


Over 3 million applicants’ data leaked on NYU’s website

  • NYU’s website was hacked on Saturday, March 22, 2025, for approximately two hours, exposing personal data of over 3 million applicants dating back to 1989.
  • The compromised information includes names, test scores, majors, zip codes, family member details, and financial aid information.
  • The hackers, identifying themselves as “Computer Niggy Exploitation,” displayed charts alleging that NYU continued affirmative action despite the Supreme Court’s ruling against it in 2023, pointing to disparities in average admitted test scores and GPAs based on race.
  • NYU’s IT team responded, restoring the website and reporting the incident to law enforcement.
  • This group also leaked University of Minnesota data in 2023. Other universities like Stanford and Georgetown have also experienced similar data breaches in recent years.
  • NYU has condemned the Supreme Court’s affirmative action ruling and has seen a drop in enrollment from underrepresented minority groups since.


Pennsylvania education union data breach hit 500,000 people

  • In July 2024, the Pennsylvania State Education Association (PSEA), which represents over 178,000 education professionals, experienced a security breach that compromised the personal information of 517,487 individuals.
  • The stolen data includes personal, financial, and health information, such as Social Security numbers, driver’s license data, and payment card details.
  • The Rhysida ransomware group claimed responsibility for the attack and demanded a 20 BTC ransom.
  • PSEA is offering affected individuals free credit monitoring and identity restoration services. Rhysida has been linked to other high-profile cyberattacks, including those against the British Library, Insomniac Games, and Lurie Children’s Hospital.


Western Alliance Bank notifies 21,899 customers of data breach

  • Western Alliance Bank is notifying 21,899 customers about a data breach that occurred in October 2024.
  • The breach stemmed from a zero-day vulnerability in a third-party vendor’s secure file transfer software.
  • The attackers accessed and exfiltrated files containing customers’ personal information, including names, Social Security numbers, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers, and/or passport information.
  • The bank is offering affected customers one year of free Experian IdentityWorks Credit 3B identity protection services.
  • The Clop ransomware gang, which exploited vulnerabilities in Cleo LexiCom, VLTrader, and Harmony software, has claimed responsibility for the attack.


College Hospital Costa Mesa Data Breach Under Investigation by Levi & Korsinsky, LLP

  • The data breach at College Hospital Costa Mesa is under investigation by Levi & Korsinsky LLP.
  • The breach occurred between August 14, 2024, and September 17, 2024, when an unauthorized party accessed sensitive personal and health information on the hospital’s network.
  • The compromised data includes names, Social Security numbers, dates of birth, driver’s license numbers, and medical information.
  • The hospital notified affected individuals and is offering complimentary credit monitoring services.
  • Ransomware group LockBit claimed responsibility for the attack, stating it stole 1,090 GB of data, but the hospital has not confirmed this claim.
  • Levi & Korsinsky LLP is investigating potential legal actions on behalf of those affected by the breach, highlighting concerns about the hospital’s cybersecurity practices and potential liabilities.


Accounting Firm Notifying 217,000 of Health Data Hack

  • Legacy Professionals LLP, an Illinois-based accounting firm, is notifying nearly 217,000 individuals of a health data breach that occurred in April 2024.
  • The breach, which involved a network server, compromised clients’ employee benefit plan information, including names, Social Security numbers, driver’s license and state ID numbers, and medical treatment and health insurance details.
  • The firm reported the incident to federal and state regulators on February 28, 2025, and is facing at least five proposed federal class-action lawsuits alleging negligence and delayed notification.
  • Legacy Professionals is offering affected individuals 24 months of credit and identity monitoring. The breach is the third-largest business associate breach reported to HHS OCR in 2025.
