Companies are still facing ransom demands from Oracle’s business software data breach, the WSJ reports
A hack that stole sensitive data in Oracle’s business software — which may have started as early as last July, but wasn’t disclosed by the company until October — is still generating ransom demands, per reporting by The Wall Street Journal.
The number of affected organizations seems to be rising, with executives at Harvard University, Canon USA, Mazda, American Airlines unit Envoy Air, and Logitech all receiving emails demanding millions in exchange for the release of data in recent months.
An online extortion group known as Cl0p had been identified as the source of the breach on Oracle’s E-Business Suite, with the hackers reportedly leveraging a security flaw that did not need any fake or stolen sign-in credentials, and leaving responsible teams “zero-days” to fix the vulnerability. By the time Oracle issued software patches in October to prevent further attacks, more than 100 companies were estimated to be affected by the data breach, per the WSJ.
The number of affected organizations seems to be rising, with executives at Harvard University, Canon USA, Mazda, American Airlines unit Envoy Air, and Logitech all receiving emails demanding millions in exchange for the release of data in recent months.
An online extortion group known as Cl0p had been identified as the source of the breach on Oracle’s E-Business Suite, with the hackers reportedly leveraging a security flaw that did not need any fake or stolen sign-in credentials, and leaving responsible teams “zero-days” to fix the vulnerability. By the time Oracle issued software patches in October to prevent further attacks, more than 100 companies were estimated to be affected by the data breach, per the WSJ.
