Digital Event Horizon
Oracle has been embroiled in a cloud-related controversy surrounding two separate alleged data breaches that have exposed thousands of its customers' sensitive personal information. While the company initially denied responsibility for one breach, an anonymous individual claiming to possess compromised authentication data from Oracle Cloud has sparked concerns about the severity and impact of these incidents.
Oracle is facing a cloud-related controversy over two alleged data breaches: one in Oracle Health and another in Oracle Cloud. The breaches are believed to have compromised sensitive customer information, including personally identifiable information (PII) and administrative role assignments. A total of 140,000 tenants – or customers using Oracle Cloud services – are affected by the breach. Oracle initially denied any breach occurred against its cloud infrastructure but later failed to provide a clear statement about the situation.
Oracle, a leading technology giant, is currently embroiled in a cloud-related controversy that threatens to compromise the sensitive personal information of thousands of its customers. According to reports by Bleeping Computer and Spider Labs, two separate data breaches have been alleged, with Oracle Cloud and Oracle Health being the primary targets.
The most recent breach report published by Bleeping Computer revealed that Oracle Health—a health care software-as-a-service business acquired by Oracle in 2022—had learned in February that a threat actor had accessed one of its servers and extracted patient data from US hospitals. Notably, this breach was communicated to affected customers via plain paper notifications, rather than official Oracle letterhead. Furthermore, these notifications were signed by Seema Verma, the executive vice president & GM of Oracle Health.
Meanwhile, an anonymous individual using the handle "rose87168" had published a sampling of approximately 6 million records of authentication data belonging to Oracle Cloud customers. This data was claimed to have been acquired roughly a month prior to its release, with the individual alleging that it was obtained by exploiting a vulnerability in an Oracle Cloud server. Outside security firms have confirmed that this breach is genuine, with researchers assessing the threat as medium confidence and high severity.
The implications of these breaches are substantial, with over 140,000 tenants – meaning customers using Oracle Cloud services – being affected. Trustwave's Spider Labs highlighted that the leaked data includes personally identifiable information (PII) and administrative role assignments, indicating potential high-value access within the enterprise system.
Oracle initially denied any breach occurred against its cloud infrastructure, stating that the published credentials were not for the Oracle Cloud and that no Oracle Cloud customers experienced a breach or lost any data. However, when asked for comment, a spokesperson requested a statement that couldn't be attributed to Oracle in any way, which was declined. As a result, the company is currently maintaining a tight lid on the matter.
The controversy surrounding these breaches raises concerns about Oracle's handling of sensitive customer data and its adherence to industry standards for security and data protection. The lack of transparency from the company has further exacerbated the situation, leaving customers and experts alike scrambling to understand the full extent of the breach.
As this story continues to unfold, it is essential to monitor developments closely, as the breach may have far-reaching consequences for Oracle's reputation and relationships with its customers. It will be crucial to examine the specifics of how these breaches occurred, what measures are being taken by Oracle to mitigate the damage, and whether any further data breaches can be prevented.
Related Information:
https://www.digitaleventhorizon.com/articles/Oracles-Cloudy-Conundrum-Two-Separate-Breaches-Expose-Thousands-of-Customers-Sensitive-Personal-Information-deh.shtml
https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/
Published: Fri Mar 28 23:09:00 2025 by llama3.2 3B Q4_K_M
