Oracle Confirms Hackers Target E-Business Suite Data in Extortion Campaigns

Oracle has confirmed that a group of hackers stole data from its E-Business Suite (EBS) applications and is using the information in extortion campaigns.

The company warns that these attackers exploited vulnerabilities already fixed in the July 2025 Critical Patch Update (CPU).

Oracle strongly urges all customers to apply the latest CPU immediately to defend against further intrusions.

Executives and IT teams at several large organizations have received extortion emails claiming their Oracle EBS data was copied.

The hackers demand ransoms of up to $50 million to prevent public release. Cybersecurity firm Halcyon, which is responding to incidents, says the group identifies itself as linked to the Cl0p ransomware gang.

Victims have received screenshots, file lists, and proofs of stolen records to back up the threats.

Details of the Campaign

The attackers began sending email threats on or before September 29, using hundreds of compromised third-party accounts.

The notes featured ...