Oracle E-Business Suite customers hit by data theft breach
Incident
Summary
Hide ▲
Show ▼
LKQ confirmed a cyber-attack targeting Oracle E-Business Suite (EBS) that compromised personal information of more than 9,070 people. The company said the intrusion occurred on August 9 and was discovered on October 3, and it responded by taking the Oracle EBS environment offline and offering two years of credit monitoring. The incident is part of the broader Clop campaign against Oracle EBS customers.
Related Happenings
BlackFile victims' Salesforce and SharePoint data leak
Data Leak
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
BlackFile's **stolen documents** were published on a **dark web leak site**, exposing employee and business records taken from **Salesforce** and **SharePoint** environments. The...
BlackFile victims' Salesforce and SharePoint data leak
Data LeakAbout this happening: BlackFile's **stolen documents** were published on a **dark web leak site**, exposing employee and business records taken from **Salesforce** and **SharePoint** environments. The...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target TrendAbout this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
Madison Square Garden hit by network compromise linked to Cl0p
Incident
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
**Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Madison Square Garden hit by network compromise linked to Cl0p
IncidentAbout this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Ingram Micro hit by ransomware attack
Incident
First: 19.01.2026 15:33
Last: 19.01.2026 15:33
Sources 1
About this happening:
**Ingram Micro** disclosed a **ransomware attack** that led to **unauthorized file theft** from internal repositories and a breach affecting **over 42,000 individuals**. The incid...
Ingram Micro hit by ransomware attack
IncidentAbout this happening: **Ingram Micro** disclosed a **ransomware attack** that led to **unauthorized file theft** from internal repositories and a breach affecting **over 42,000 individuals**. The incid...
Rising encryptionless extortion incidents against enterprises in 2025
Target Trend
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
**Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Rising encryptionless extortion incidents against enterprises in 2025
Target TrendAbout this happening: **Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Timeline
-
14.10.2025 15:47 5 articles · 7mo ago
Harvard listed on Cl0p leak site for Oracle EBS campaign
Victim Impact UpdateHarvard University was listed on the Cl0p ransomware leak site on October 12, and Harvard later confirmed being targeted in the Oracle E-Business Suite (EBS) campaign. Harvard said the incident appears to affect a limited number of parties associated with a small administrative unit, that the vulnerability exploited by the hackers has been patched, and that there is no evidence of other systems being compromised. The leak site also pointed to more than 1.3 TB of archive files allegedly stolen from Harvard.
Show sources
- Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack — www.securityweek.com — 14.10.2025 15:47
- American Airlines subsidiary Envoy confirms Oracle data theft attack — www.bleepingcomputer.com — 17.10.2025 22:11
- GlobalLogic warns 10,000 employees of data theft after Oracle breach — www.bleepingcomputer.com — 11.11.2025 17:24
- Penn and Phoenix Universities Disclose Data Breach After Oracle Hack — www.securityweek.com — 03.12.2025 13:30
- US Autoparts Maker LKQ Confirms Oracle EBS Breach — www.infosecurity-magazine.com — 17.12.2025 13:00
-
10.10.2025 13:15 1 articles · 7mo ago
Oracle EBS intrusion activity begins
Campaign Scope UpdateOracle E-Business Suite customer environments saw intrusion activity as early as July 10, 2025, and GTIG considered it plausibly an early attempt to exploit Oracle EBS servers.
Show sources
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15
-
10.10.2025 13:15 2 articles · 7mo ago
CVE-2025-61882 exploitation and data exfiltration
Exploitation ObservedAttackers began exploiting CVE-2025-61882 against Oracle E-Business Suite customers as early as August 9, 2025, and GTIG said the Clop ransomware group likely exfiltrated a significant amount of data.
Show sources
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15
-
10.10.2025 13:15 2 articles · 7mo ago
Extortion emails reach executives at several organizations
Victim Impact UpdateAn individual or group claiming to work with Clop sent extortion emails to executives at several organizations beginning on September 29, and the messages used [email protected] and [email protected].
Show sources
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15
- Harvard investigating breach linked to Oracle zero-day exploit — www.bleepingcomputer.com — 13.10.2025 14:14
-
10.10.2025 13:15 1 articles · 7mo ago
Oracle warns EBS customers
Initial DisclosureOracle warned customers on October 2, 2025 that attackers were exploiting unpatched vulnerabilities addressed in the July Critical Patch Update against Oracle EBS environments.
Show sources
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15
-
10.10.2025 13:15 1 articles · 7mo ago
Oracle releases emergency CVE-2025-61882 patch
Mitigation Patch UpdateOracle released an emergency patch on October 4, 2025 for CVE-2025-61882, the unauthenticated remote code execution flaw affecting Oracle E-Business Suite versions 12.2.3-12.2.14.
Show sources
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15
-
09.10.2025 03:00 1 articles · 7mo ago
GTIG links the Oracle EBS campaign to Clop
Attribution UpdateGTIG analysis published on October 9, 2025 said indicators linked the extortion campaign against Oracle E-Business Suite to Clop, also tracked as FIN11, including the Clop DLS email addresses and GOLDVEIN.JAVA similarities.
Show sources
- Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit — www.infosecurity-magazine.com — 10.10.2025 13:15