What happened
A large-scale cyberattack targeting Oracle E-Business Suite (EBS) customers resulted in data theft and extortion attempts affecting more than 100 organizations across multiple industries. The campaign has been attributed to the Cl0p ransomware and extortion group, which exploited zero-day vulnerabilities in Oracle’s enterprise software to access sensitive data stored by victim organizations. Attackers later published torrent files on a leak site containing data allegedly stolen from victims who refused to pay ransom demands. While many affected companies confirmed data breaches and began notifying impacted individuals, several major firms — including Broadcom, Bechtel, Estée Lauder, and Abbott Laboratories — have not issued public statements regarding potential impact or ongoing investigations.Â
Who is affected
Organizations using Oracle E-Business Suite across sectors such as technology, finance, manufacturing, and energy are affected, along with individuals whose data may have been stored within compromised enterprise systems.Â
Why CISOs should care
The incident highlights the scale of third-party software compromise, where exploitation of widely used enterprise platforms can expose large volumes of data across multiple organizations simultaneously.Â
3 practical actions
- Assess Oracle EBS exposure. Identify systems using Oracle EBS and evaluate potential risk from the campaign.Â
- Investigate potential data access. Review logs and indicators for unauthorized access to enterprise data stored in EBS environments.Â
- Monitor extortion leak sites. Check whether organizational data appears in publicly released datasets.Â
For more coverage of major security incidents affecting organizations worldwide, explore our reporting on Data Breaches.