Oracle Fixes Security Hole in Workplace Software: What Employees and HR Users Should Know

Oracle has released security mitigations for a vulnerability in its PeopleSoft software, which many companies use to manage employee information, payroll, and human resources systems. The vulnerability has been assigned the identifier CVE-2026-35273 (an industry tracking number for this software flaw). There are reports that this security hole may have been exploited by a hacking group called ShinyHunters before Oracle released the fix, though Oracle has not confirmed whether attacks occurred before the patch was available. This primarily affects people who use PeopleSoft systems at work to view pay stubs, update personal information, request time off, or access other employee services. If your employer uses PeopleSoft and the system was compromised, your personal information stored in the HR system could be at risk. This might include your Social Security number, home address, bank account information for direct deposit, salary details, and health insurance information.

If you use PeopleSoft at work, here is what you should do:

1. Watch for communications from your employer's IT department or human resources about security updates or potential data breaches.
2. Change your password for your employee portal or PeopleSoft login if you have not done so recently.
3. Monitor your bank accounts for any unauthorized transactions, especially if your direct deposit information is stored in the system.
4. Check your credit reports for any new accounts or inquiries you did not authorize.
5. Be alert for phishing emails that may use information from your employee profile to appear legitimate. For workplace systems, you often depend on your employer's IT department to apply security updates and protect your data. However, you can still protect yourself by using a strong, unique password for work systems and never sharing your login credentials with anyone. If your company offers two-factor authentication for employee systems, enable it. Report any suspicious activity in your employee account to your IT or HR department immediately. Remember that criminals often target workplace systems because they contain concentrated collections of personal information about many people.