Cl0p Oracle EBS supply chain campaign impacting multiple organizations
Campaign
Summary
Hide ▲
Show ▼
A Cl0p-linked Oracle EBS supply chain campaign is continuing, with around 100 organizations believed affected over the past two months. The growing disclosure list means the operation’s reach now spans major universities, media, and commercial organizations, increasing the risk of follow-on fraud and phishing. The exposed material was later posted on the dark web, reinforcing that the campaign remains operationally active.
Related Happenings
Cl0p Oracle E-Business Suite zero-day extortion campaign
Campaign
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Cl0p Oracle E-Business Suite zero-day extortion campaign
CampaignAbout this happening: The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Madison Square Garden hit by network compromise linked to Cl0p
Incident
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
**Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Madison Square Garden hit by network compromise linked to Cl0p
IncidentAbout this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
TikTok U.S. joint venture under September 2025 executive order
Public Sector Action
First: 23.01.2026 13:30
Last: 23.01.2026 13:30
Sources 1
About this happening:
The U.S.-backed **TikTok USDS Joint Venture LLC** now lets **TikTok** keep operating in the **U.S.**, changing ownership and security oversight for a platform used by **over 200 m...
TikTok U.S. joint venture under September 2025 executive order
Public Sector ActionAbout this happening: The U.S.-backed **TikTok USDS Joint Venture LLC** now lets **TikTok** keep operating in the **U.S.**, changing ownership and security oversight for a platform used by **over 200 m...
Barts Health NHS Trust invoice leak on Cl0p leak portal
Data Leak
First: 05.12.2025 20:55
Last: 05.12.2025 20:55
Sources 1
How related:
“A criminal group known as Cl0p stole some files from a database containing invoices and posted them on the dark web. The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years,” it explained.
About this happening:
The **Barts Health NHS Trust** data leak became public when **Cl0p** posted stolen **invoice files** on its **dark-web leak portal**, exposing **full names and addresses** linked...
Barts Health NHS Trust invoice leak on Cl0p leak portal
Data LeakHow related: “A criminal group known as Cl0p stole some files from a database containing invoices and posted them on the dark web. The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years,” it explained.
About this happening: The **Barts Health NHS Trust** data leak became public when **Cl0p** posted stolen **invoice files** on its **dark-web leak portal**, exposing **full names and addresses** linked...
Latest development: 08.12.2025 11:30
Barts Health NHS Trust is seeking a High Court order to stop the sharing, publication or use of invoice files stolen from its Oracle E-business Suite (EBS) database; the trust says Cl0p posted the files on the dark web, and it is working with NHS England, the National Cyber Security Centre, the Metropolitan Police and regulators including the Information Commissioner’s Office while its clinical systems remain unaffected.
Clop ransomware gang campaign expands across multiple victims
Campaign
First: 02.12.2025 14:55
Last: 02.12.2025 14:55
Sources 1
About this happening:
A **Clop** extortion campaign is actively stealing data from **Oracle E-Business Suite** customers using **CVE-2025-61882**, putting multiple organizations at risk of theft and le...
Clop ransomware gang campaign expands across multiple victims
CampaignAbout this happening: A **Clop** extortion campaign is actively stealing data from **Oracle E-Business Suite** customers using **CVE-2025-61882**, putting multiple organizations at risk of theft and le...
Timeline
-
08.12.2025 11:30 2 articles · 5mo ago
Cl0p Oracle EBS campaign reaches Barts Health
Campaign Scope UpdateBarts Health disclosed that Cl0p stole files from an Oracle E-Business Suite (EBS) invoice database and posted them on the dark web, exposing names and addresses linked to people liable for treatment or services. The trust said its electronic patient records, clinical systems and core IT infrastructure were unaffected, that it was working with NHS England, the National Cyber Security Centre, the Metropolitan Police and the Information Commissioner's Office, and that the wider Oracle EBS supply chain campaign has affected around 100 organizations including Harvard University, Allianz UK, The Washington Post, Dartmouth College, University of Pennsylvania, Broadcom and Abbott Laboratories.
Show sources
- Barts Health Seeks High Court Ban After Oracle EBS Breach — www.infosecurity-magazine.com — 08.12.2025 11:30
- Barts Health Seeks High Court Ban After Oracle EBS Breach — www.infosecurity-magazine.com — 08.12.2025 11:30