Find notable cyber news and cases, enriched with sources, timelines, and signals.

GlobalLogic Oracle EBS employee HR data leak

Data Leak
First reported
Last updated
Happening score
H score 50
2 unique sources, 2 articles

Summary

Hide ▲

GlobalLogic disclosed that attackers stole personal information from 10,471 current and former employees through its Oracle E-Business Suite (EBS) environment, creating a significant HR data exposure. The stolen records included contact details, dates of birth, national identifiers, salary information, and bank account details. GlobalLogic said the theft was confined to its Oracle platform and did not affect systems outside that environment. The exposure matters because the data can enable identity theft, fraud, and targeted phishing against affected workers.

Related Happenings

Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)

Vulnerability
H score52 First: 29.06.2026 16:46 Last: 29.06.2026 16:46 Sources 1

About this happening: **Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...

Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)

Security Patch Release
H score53 First: 29.06.2026 16:46 Last: 29.06.2026 16:46 Sources 1

About this happening: **Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...

Oracle PeopleSoft broad zero-day exploitation campaign

Exploitation Wave
H score82 First: 29.06.2026 13:00 Last: 29.06.2026 13:00 Sources 1

About this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...

ShinyHunters Oracle PeopleSoft data theft from 300 instances

Data Leak
H score46 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...

Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)

Vulnerability
H score58 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...

Latest development: 29.06.2026 23:40

Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.

Timeline

  1. 11.11.2025 17:24 1 articles · 8mo ago

    GlobalLogic Oracle intrusion shows earliest activity on July 10, 2025

    Exploitation Observed

    GlobalLogic's Oracle platform showed the earliest identified threat actor activity on July 10, 2025, within the Oracle E-Business Suite zero-day intrusion affecting employee HR data.

    Show sources
  2. 11.11.2025 17:24 1 articles · 8mo ago

    GlobalLogic Oracle intrusion shows most recent activity on August 20, 2025

    Campaign Scope Update

    GlobalLogic's Oracle platform showed the most recent identified threat actor activity on August 20, 2025, extending the same Oracle E-Business Suite zero-day intrusion that exposed employee information.

    Show sources
  3. 11.11.2025 17:24 1 articles · 8mo ago

    GlobalLogic identifies Oracle access and exfiltration on October 9, 2025

    Detection Ioc Update

    GlobalLogic's investigation identified access to Oracle and exfiltration on October 9, 2025, confirming that employee personal information had been removed from the Oracle HR environment.

    Show sources
  4. 11.11.2025 17:24 2 articles · 8mo ago

    GlobalLogic begins employee breach notifications and files Maine disclosure

    Initial Disclosure

    GlobalLogic filed a breach notification with the office of Maine's Attorney General and began notifying over 10,000 current and former employees after attackers exploited an Oracle E-Business Suite zero-day vulnerability to steal personal information belonging to 10,471 employees.

    Show sources