Strauss Borrelli PLLC, a leading data breach law firm, is investigating Oracle regarding its recent cybersecurity incident. The Oracle cybersecurity incident may impact the privacy of sensitive personal information belonging to an undetermined number of individuals.
ABOUT ORACLE:
Oracle is a cloud technology company based in Texas. Founded in 1977, Oracle offers computing infrastructure and software to businesses and organizations, including its autonomous database and cloud infrastructure to help organize and secure customers’ data.4 In the 2024 fiscal year, Oracle made $53 billion in revenue.5 Headquartered in Austin, Texas, Oracle employs over 150,000 individuals worldwide.
WHAT HAPPENED?
Recently, it was reported by online sources that Oracle had experienced a data breach impacting the privacy of its customers’ data. According to these sources, an individual claims to have “breached Oracle Cloud servers and [started] selling the alleged authentication data and encrypted passwords of 6 million users,” offering to trade some of the data for assistance in decrypting the files.1 Oracle has denied the existence of a breach like this.2
Additionally, “Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a “legacy environment” last used in 2017, Bloomberg reported.”3 In the notice to customers, Oracle shares that an attacker used compromised customer credentials to hack into legacy Cerner data migration servers sometime after January 22, 2025.3 While Oracle has claimed that this old data is not sensitive, the threat actor behind the attack has also shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum.1
As of April 4, 2025, Oracle has not publicly disclosed the specific nature of the cybersecurity incident or confirmed whether the incident resulted in a data breach.
If you believe that you have been impacted by the Oracle cybersecurity incident:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
