Stratos Ally

GlobalLogic becomes victim of the Oracle breach; confirms data theft of 10,000 employees  

StratosAlly

GlobalLogic, a Hitachi-owned digital engineering firm, disclosed that personal data of 10,471 current and former employees was stolen in the recent Oracle E‑Business Suite breach. In the breach notification letter filed with the Maine Attorney General, the company said attackers exploited an Oracle EBS zero‑day to access and exfiltrate HR information from its Oracle platform. Confirmed Oracle access and exfiltration were identified on October 9, 2025, with the most recent threat actor activity on August 20, 2025. However, the investigation suggests that the earliest threat actor activity could be traced back to July 10, 2025. 

GlobalLogic emphasised that the incident did not target or impact systems outside the Oracle environment and stated that multiple Oracle customers may have been affected in the broader campaign. Stolen data varies by individual but includes names, addresses, phone numbers, and emergency contact details collected as part of HR records. Additional exposed information includes email addresses, dates of birth, nationalities, countries of birth, and passport details, increasing the risk of identity theft and fraud for the impacted individuals.

In some cases, sensitive identifiers such as national or tax IDs, including Social Security numbers, were also taken alongside salary information and bank account details. Upon the confirmation of exfiltration, the company began drafting and issuing notifications advising affected personnel while continuing to investigate the zero-day exploitation against Oracle EBS. 

The campaign is linked to the Clop ransomware group’s exploitation of Oracle EBS zero-day vulnerabilities (CVE-2025-61882 and CVE-2025-61884). Clop has named nearly 30 organizations across multiple sectors on its leak site, including The Washington Post and Allianz UK. Though Oracle released emergency patches in September, many organizations were compromised beforehand. The operation also centers on data theft and extortion rather than old-school file encryption. Oracle has yet to disclose the scale of the breach, and Clop hasn’t listed GlobalLogic on its leak site, suggesting there might be more to come.
