At a Glance
- Salesforce data exposed via third-party integrations, including Gainsight and Salesloft.
- Ransomware group Clop exploited an Oracle E-Business flaw, targeting hospitals, media, and universities.
- Multiple universities (Penn, Harvard, Princeton) suffered phishing-driven breaches affecting alumni and donor data.
- Why it matters: These attacks reveal the growing threat to cloud services, enterprise software, and academic institutions, putting personal data and operational security at risk.
This year’s cyber-attacks stayed in the headlines, with breaches spanning cloud services, enterprise software, and higher-education institutions. From Salesforce integrations to Oracle vulnerabilities, attackers exploited both human and technical weaknesses to harvest data and demand ransoms. The scale and variety of these incidents underscore how pervasive cyber threats have become.
Salesforce & Google Breaches

Attackers leveraged third-party Salesforce integrations (Gainsight, Salesloft) to pull data without breaching Salesforce directly.
Google’s Threat Intelligence Group reported that Google Workspace data was also exposed during the Salesloft breach, a rare instance of Alphabet customer data being compromised.
The breach affected a wide array of companies, including:
- Cloudflare
- Docusign
- Verizon
- Workday
- Cisco
- Bugcrowd
- Proofpoint
- GitLab
- SonicWall
- Adidas
- Louis Vuitton
- Chanel
TransUnion also reported a breach that exposed information of 4.4 million people, including names and Social Security numbers.
The spree was carried out by Scattered Lapsus$ Hunters, a potential amalgam of Scattered Spider, Lapsus$, and ShinyHunters.
Researchers note the group isn’t a one-to-one evolution of those names, but it maintains a data leak site where stolen data is previewed and used for digital extortion.
Clop’s Oracle E-Business Hacking Spree
Clop, a ransomware group known for exploiting vulnerabilities, targeted Oracle’s E-Business internal management platform.
Oracle patched the flaw in early October, yet Clop had already stolen data from hospitals, media outlets like The Washington Post, and universities such as the University of Pennsylvania.
The group used stolen employee data, including executive identities, to threaten senior staff with ransom demands of millions of dollars to delete the data instead of publishing it.
University Breaches
The University of Pennsylvania disclosed a breach in early November that traced back to a phishing attack at the end of October.
The incident compromised personal data of students, alumni, and donors, including internal documents and financial information.
The attacker sent email blasts describing Penn as “woke” and criticizing its focus on “legacies, donors and unqualified affirmative action admits.”
The Verge reported that the hacker may have been financially motivated.
Harvard’s Alumni Affairs and Development office was breached via a phone-based phishing attack, exposing personal information of alumni, partners, donors, parents of current and former students, some current students, faculty, and staff.
The data included email addresses, phone numbers, physical addresses, event attendance records, and donation and fundraising details.
Princeton University experienced a similar attack in the same month, though the scope appeared more limited.
| University | Disclosure Date | Attack Type | Data Exposed |
|---|---|---|---|
| University of Pennsylvania | Early November | Phishing | Personal data, internal documents, financial info |
| Harvard | November | Phone-based phishing | Alumni, donors, parents, staff info |
| Princeton | November | Phishing | Limited scope |
Key Takeaways
- Attackers continue to target cloud integrations, exposing customer data across major companies.
- Ransomware groups like Clop exploit software vulnerabilities before patches are applied, demanding massive ransoms.
- Higher-education institutions remain vulnerable to phishing, risking sensitive alumni and donor information.
These incidents highlight the critical need for robust security practices across all sectors, as attackers refine tactics to exploit both technology and human factors. Organizations must prioritize patch management, phishing awareness, and secure integration practices to mitigate these evolving threats.

