Ethical Hacking News
GlobalLogic, a major provider of digital engineering services, has notified over 10,000 employees that their data was stolen in an Oracle E-Business Suite breach. The attackers exploited a zero-day vulnerability to steal personal information, including email addresses, dates of birth, and bank account details. With the Clop ransomware gang suspected to be behind the attack, GlobalLogic is urging affected individuals to remain vigilant and take steps to protect their sensitive information.
GlobalLogic notified over 10,000 current and former employees that their data was stolen due to an Oracle E-Business Suite (EBS) breach.The attackers exploited a zero-day vulnerability in Oracle EBS to steal personal information, including email addresses, dates of birth, and bank account details.The breach is linked to the Clop ransomware gang, which has been targeting companies with similar attacks.Google Threat Intelligence Group believes dozens of organizations were impacted by the Clop ransomware gang's attacks.The U.S. State Department offers a $10 million bounty for information linking the ransomware gang's attacks to a foreign government.
In a recent breach notification letter filed with the office of Maine's Attorney General, GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. This shocking revelation has left many within the company reeling as it was revealed that attackers exploited an Oracle EBS zero-day vulnerability to steal personal information belonging to the affected individuals.
Based in Santa Clara, California, this software and product development services company was founded in 2000 and since then, it has expanded to 59 product engineering centers and several offices worldwide. The breach notification letter states that GlobalLogic's investigation identified access to Oracle and exfiltration on October 9, 2025. After drafting and sending out notifications, the investigation has identified the earliest date of threat actor activity as July 10, 2025, with the most recent activity occurring on August 20, 2025.
According to GlobalLogic's breach notification letter, the attackers also exfiltrated the email addresses, dates of birth, nationalities, countries of birth, passport information, national identifiers or tax identifiers (e.g., Social Security Numbers), salary information, and bank account details of impacted employees. While GlobalLogic has yet to attribute the breach to a specific threat group, the incident's details align with an extortion campaign in which the Clop ransomware gang exploited a zero-day flaw since early August to steal sensitive data from many companies' Oracle EBS systems.
Although Clop has yet to disclose the total number of companies affected by these data theft attacks, Google Threat Intelligence Group chief analyst John Hultquist believes that dozens of organizations were impacted. The extortion gang is now also targeting Harvard University, Envoy Air, and The Washington Post, who have all been added to the cybercrime group's Tor leak site. Their data has also been leaked online and is now available for download via Torrent.
Clop has been previously linked to other data theft campaigns targeting Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer, the latter of which has impacted over 2,770 organizations worldwide. The U.S. State Department now offers a $10 million bounty for information that links the ransomware gang's attacks to a foreign government.
The incident highlights the growing threat of ransomware campaigns exploiting zero-day vulnerabilities in Oracle EBS systems. As companies continue to rely on these systems for critical business operations, it is essential that they prioritize cybersecurity measures and invest in robust security protocols to prevent such breaches from occurring in the first place.
In conclusion, GlobalLogic's breach serves as a stark reminder of the importance of data protection and the need for organizations to remain vigilant against emerging threats. By understanding the details of this incident, we can better prepare ourselves for similar attacks in the future and take proactive steps to safeguard our sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/GlobalLogic-Warns-10000-Employees-of-Data-Theft-After-Oracle-Breach-ehn.shtml
https://www.bleepingcomputer.com/news/security/globallogic-warns-10-000-employees-of-data-theft-after-oracle-breach/
https://en.wikipedia.org/wiki/Clop_(cyber_gang)
https://www.sentinelone.com/anthology/clop/
Published: Tue Nov 11 09:46:58 2025 by llama3.2 3B Q4_K_M
