Oracle logo showcased on the glass facade of its headquarters in Austin, Texas, USA, May 2, 2022. (Adobe Stock Photo)
October 09, 2025, 08:50 PM GMT+03:00
Google, a prominent technology corporation based in the United States, disclosed on October 9, 2025, that a substantial number of businesses were impacted by a severe hacking initiative directed at Oracle, a leading provider of cloud computing and business software solutions. Google emphasized the theft of “mass amounts of customer data,” which has significant implications for organizations utilizing Oracle’s enterprise software for critical operational and financial management tasks.
Headquartered in Austin, Texas, Oracle supports a diverse clientele, including corporations, governmental bodies, and financial services firms globally, with its renowned products like Oracle Cloud Infrastructure and Oracle E-Business Suite facilitating functions such as data management, human resources, accounting, and supply chain logistics. While Google chose not to specify which Oracle products were compromised or name the affected organizations, it confirmed that this incident ranks among the most expansive breaches documented in recent memory. As of yet, Oracle has not made a public announcement addressing the breach.
Identified Vulnerability Linked to Oracle E-Business Suite
Investigators have traced the breach to a critical zero-day vulnerability, designated as CVE-2025-61882, within Oracle E-Business Suite, a widely adopted enterprise resource planning (ERP) platform. This vulnerability enabled unauthorized remote code execution, effectively granting attackers comprehensive control over the compromised systems. The Cl0p ransomware group is believed to have exploited this vulnerability in mid-2025, maintaining a low profile until the flaw was publicly disclosed. Oracle issued an emergency patch on October 4, urging all clients to promptly update their systems to mitigate potential risks.
In a departure from traditional ransomware operations, Cl0p did not encrypt the data of its victims. Instead, it exfiltrated sensitive information, encompassing payroll records, vendor contracts, and financial transactions. Many organizations became aware of the compromise only after receiving extortion emails demanding significant ransom payments. In response to the incident, several organizations temporarily deactivated their ERP servers to conduct thorough forensic investigations and implement necessary security updates, resulting in short-term operational disruptions in payroll processing, order management, and financial reporting systems.

The Oracle E-Business Suite logo displayed on a smartphone over U.S. dollar banknotes. (Adobe Stock Photo)
Regulatory Implications and Ongoing Risks
The unauthorized exposure of sensitive business and employee information raises compliance concerns under various privacy regulations, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Organizations that choose not to comply with ransom demands could experience detrimental financial and reputational consequences. Moreover, certain companies found it challenging to apply Oracle’s emergency update immediately, as it required a prior baseline patch from October 2023, prolonging their vulnerability.
In the aftermath of the disclosure, publicly available exploit scripts began to circulate online, leading to a surge of copycat attacks as opportunistic hackers scanned for unpatched Oracle EBS installations.
Recommendations for Immediate Action
In light of the breach, Google’s Threat Intelligence Group (GTIG) and Mandiant have recommended that businesses utilizing Oracle systems take immediate, decisive action to diminish risk exposure and thwart further breaches. Companies are urged to apply the latest security updates from Oracle without delay, proactively monitor networks for unusual activity, and restrict unnecessary Internet access to critical servers. It is also advisable for organizations to review user access logs, reset potentially compromised credentials, and enable multi-factor authentication to bolster account security. The emphasis remains that timely patching and vigilant monitoring are pivotal in defending against ongoing exploitation attempts.
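The recommendation to review user access logs is easier to act on with a concrete triage pass. The script below is an added example, not from the article, Google, Mandiant or Oracle: it parses a constructed, simplified access log (the line format, user names, IP addresses, thresholds and business-hours window are all assumptions for this example, not Oracle E-Business Suite's own log format) and flags the patterns a responder would look at first after the disclosure: a successful login from a source address not previously seen for that account, logins outside business hours, a success immediately after a run of failures, and a burst of data exports from one account.

```python
"""Triage a constructed ERP access log for post-breach review.

Added example; log format, accounts, addresses and thresholds are assumed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, user, source IP, action, result.
SAMPLE_LOG = """\
2025-10-05T09:12:03 jsmith 10.20.1.15 LOGIN OK
2025-10-05T09:40:11 jsmith 10.20.1.15 REPORT_EXPORT OK
2025-10-05T13:02:45 apps_admin 10.20.0.7 LOGIN OK
2025-10-06T02:17:09 apps_admin 203.0.113.44 LOGIN OK
2025-10-06T02:18:30 apps_admin 203.0.113.44 REPORT_EXPORT OK
2025-10-06T02:19:02 apps_admin 203.0.113.44 REPORT_EXPORT OK
2025-10-06T02:19:40 apps_admin 203.0.113.44 REPORT_EXPORT OK
2025-10-06T03:05:00 svc_payroll 198.51.100.9 LOGIN FAIL
2025-10-06T03:05:04 svc_payroll 198.51.100.9 LOGIN FAIL
2025-10-06T03:05:09 svc_payroll 198.51.100.9 LOGIN FAIL
2025-10-06T03:05:15 svc_payroll 198.51.100.9 LOGIN OK
"""

BUSINESS_HOURS = range(7, 20)  # 07:00-19:59, assumed for this example
EXPORT_BURST = 3               # exports within the window that trigger a finding
BURST_WINDOW_SEC = 600
FAIL_THRESHOLD = 3


def parse(log_text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, action, result = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "action": action, "result": result})
    return events


def review(events, known_ips=None):
    """Return (rule, user, detail) findings, processing events in time order.

    known_ips: optional {user: [ip, ...]} baseline; without it, the first IP
    seen for a user becomes the baseline and only later, different IPs are flagged.
    """
    known = defaultdict(set)
    for user, ips in (known_ips or {}).items():
        known[user].update(ips)
    findings = []
    fails = defaultdict(int)       # consecutive failures per (user, ip)
    exports = defaultdict(list)    # recent export timestamps per user
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user, ip = e["user"], e["ip"]
        if e["action"] == "LOGIN":
            if e["result"] == "FAIL":
                fails[(user, ip)] += 1
                continue
            if fails[(user, ip)] >= FAIL_THRESHOLD:
                findings.append(("login_after_failures", user,
                                 f"{ip} after {fails[(user, ip)]} failures"))
            fails[(user, ip)] = 0
            if ip not in known[user]:
                if known[user]:  # flag only when a baseline exists for this user
                    findings.append(("new_source_ip", user, ip))
                known[user].add(ip)
            if e["ts"].hour not in BUSINESS_HOURS:
                findings.append(("off_hours_login", user, e["ts"].isoformat()))
        elif e["action"] == "REPORT_EXPORT" and e["result"] == "OK":
            recent = exports[user]
            recent.append(e["ts"])
            while recent and (e["ts"] - recent[0]).total_seconds() > BURST_WINDOW_SEC:
                recent.pop(0)
            if len(recent) == EXPORT_BURST:
                findings.append(("export_burst", user,
                                 f"{EXPORT_BURST} exports within {BURST_WINDOW_SEC}s from {ip}"))
    return findings


if __name__ == "__main__":
    for rule, user, detail in review(parse(SAMPLE_LOG)):
        print(f"{rule:22} {user:12} {detail}")
```

Supplying a `known_ips` baseline from an authoritative source (VPN ranges, known admin workstations) suppresses the first-seen heuristic and leaves only genuinely unexpected addresses; the remaining rules still fire. Findings are a starting point for credential resets and deeper forensics, not a verdict on their own.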