Oracle’s ($ORCL) business software breach is not just a “we patched it and moved on” situation.

According to The Wall Street Journal, companies are still receiving ransom demands tied to the Oracle hack that stole sensitive data from Oracle’s business software systems, a breach that may have begun as early as July but was not disclosed until October.

The Breach Is Still Rippling Through Corporate America

Per the report, ransom-related emails have recently been sent to executives at multiple major organizations, including:

  • Harvard University

  • Canon USA

  • Mazda

  • Envoy Air (an American Airlines unit)

  • Logitech

The demands reportedly ask for millions of dollars in exchange for not releasing stolen data.

That suggests the fallout is continuing to spread, and the number of affected organizations may be rising.

Cl0p Reportedly Behind It

The extortion group identified as the source of the breach is Cl0p, which has been linked to multiple high-profile cyber extortion campaigns.

WSJ reports the hackers targeted Oracle’s E-Business Suite and exploited a security flaw that did not require stolen credentials, meaning attackers could potentially gain access without the usual phishing or login theft playbook.

That’s the nightmare scenario for corporate IT: no password compromise required.

Oracle Patched It, but the Damage Was Done

WSJ reported that the attackers effectively gave the responsible teams “zero days” to fix the vulnerability, meaning there was minimal time to respond before the damage spread.

Oracle issued patches in October to prevent further attacks, but by the time the fixes went out, the breach had already impacted over 100 organizations.

Bottom line: even though Oracle has patched the vulnerability, the hack is still active in the real world through extortion. The breach may be over technically, but the financial and reputational pressure campaign is still running.
