Article Details
Scrape Timestamp (UTC): 2025-11-11 15:29:00.502
Original Article Text
GlobalLogic warns 10,000 employees of data theft after Oracle breach

GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach.

Based in Santa Clara, California, this software and product development services company was founded in 2000. Since then, it has expanded to 59 product engineering centers and several offices worldwide.

In a breach notification letter filed with the office of Maine's Attorney General, the company states that the attackers exploited an Oracle EBS zero-day vulnerability to steal personal information belonging to 10,471 employees.

"GlobalLogic's investigation identified access to Oracle and exfiltration on October 9, 2025. We then began drafting and sending out notifications. The investigation has identified the earliest date of threat actor activity as July 10, 2025, with the most recent activity occurring on August 20, 2025," it said.

"This incident did not target or impact GlobalLogic's systems outside our Oracle platform, and, based on industry reports, we are one of many Oracle customers believed to have been impacted. The personal information involved in this incident was from our Oracle platform, which includes HR information for current and former personnel."

The data stolen in the breach includes personal information collected by GlobalLogic's human resources and, depending on the affected individual, it includes name, address, phone number, and emergency contact (name and phone number).

The attackers also exfiltrated the email addresses, dates of birth, nationalities, countries of birth, passport information, national identifiers or tax identifiers (e.g., Social Security Numbers), salary information, and bank account details of impacted employees.
Clop's Oracle EBS data theft attacks

While GlobalLogic has yet to attribute the breach to a specific threat group, the incident's details align with an extortion campaign in which the Clop ransomware gang exploited a zero-day flaw (CVE-2025-61882) since early August to steal sensitive data from many companies' Oracle EBS systems.

Although Clop has yet to disclose the total number of companies affected by these data theft attacks, Google Threat Intelligence Group chief analyst John Hultquist has told BleepingComputer that they believe dozens of organizations were impacted.

The extortion gang is now also targeting Harvard University, Envoy Air, and The Washington Post, who have all been added to the cybercrime group's Tor leak site. Their data has also been leaked online and is now available for download via Torrent.

Clop has yet to add GlobalLogic to its leak site, which suggests that the company is still negotiating with the threat group or has already paid a ransom.

A GlobalLogic spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Clop has been previously linked to other data theft campaigns targeting Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer, the latter of which has impacted over 2,770 organizations worldwide.

The U.S. State Department now offers a $10 million bounty for information that links the ransomware gang's attacks to a foreign government.
Daily Brief Summary
GlobalLogic, a Hitachi group company, notified over 10,000 employees of a data breach involving their personal information stolen via an Oracle E-Business Suite vulnerability.
The breach exploited a zero-day flaw, CVE-2025-61882, allowing attackers to access and exfiltrate sensitive HR data including names, addresses, and Social Security Numbers.
Initial unauthorized access was detected in July 2025, with exfiltration confirmed by October 9, 2025; the breach was limited to the Oracle platform, sparing other systems.
The attack aligns with the Clop ransomware gang's extortion campaign, which has targeted multiple organizations using the same Oracle EBS vulnerability.
Clop has not yet listed GlobalLogic on its leak site, indicating potential ongoing negotiations or a possible ransom payment.
The U.S. State Department is offering a $10 million reward for information linking Clop's activities to any foreign government, reflecting the severity of these attacks.
Organizations using Oracle EBS are advised to apply security patches promptly and review access controls to mitigate similar threats.