A substantial amount of customer data was stolen in a hack of Oracle’s enterprise software suite, an incident that could have far-reaching ramifications.
According to Google, the breach was carried out by CL0P, a group of cybercriminals responsible for a string of high-profile ransomware attacks. These attacks often target third-party software providers with the goal of pilfering large volumes of corporate data.
The criminals targeted Oracle’s E-Business Suite of applications, which clients use to manage vital operations like logistics, supplier data, and customer information. Google believes that CL0P conducted extensive research into Oracle’s potential vulnerabilities and began extracting data from Oracle clients as early as three months ago.
Because the breach may have gone undetected for such an extended period, the full extent of the damage is still undetermined. Google analyst Austin Larsen told Reuters that “we are aware of dozens of victims, but we expect there are many more.” He noted that due to the scale of CL0P’s previous ransomware campaigns, there were likely more than 100 companies impacted by these attacks.
An Organizational Epidemic
Ransomware attacks have become a global epidemic, impacting organizations of every type and size. Recently, state governments in Nevada and Ohio have both experienced ransomware attacks that disrupted administrative systems and potentially compromised residents’ data.
In addition to public infrastructure, healthcare providers and financial institutions are common targets for ransomware because their systems store vast amounts of personal and sensitive data.
Frequent and Severe
Regardless of the sector, both the frequency and severity of ransomware attacks continue to increase. Data from Trustwave SpiderLabs shows that the percentage of reported ransomware attacks involving U.S. organizations saw a substantial uptick last year—from 51% in 2023 to 65% in 2024.
Several factors contribute to this surge. One is the rise of new technologies such as artificial intelligence, which has supercharged the sophistication and speed of fraud and cyberattacks.
Another is the growing presence of organized groups of bad actors such as CL0P, which can carry out large-scale attacks with precision. While these groups may initially focus on stealing protected data, their ultimate goal is financial gain. Many of Oracle’s clients have reported receiving extortion demands from CL0P, with ransom requests reaching into the millions for the return of stolen company data.
