Cox Enterprises has confirmed that its Oracle E-Business Suite (EBS) instance was impacted in the recent cybercrime campaign that has targeted many organizations.
Cox did not respond to SecurityWeek’s request for comment when it was listed as a victim of the Oracle EBS campaign on the Cl0p ransomware leak website in late October. However, it did confirm last week to the Maine Attorney General that it was targeted.
The company said the attackers obtained personal information belonging to nearly 9,500 individuals after breaching its Oracle EBS instance between August 9 and August 14.
Cox is a conglomerate with divisions focusing on communications, automotive services, and agriculture. It’s unclear which of these units were impacted by the data breach and whether the compromised information belongs to employees, customers, or partners.
The cybercriminals have made public 1.6 Tb of archives containing files allegedly stolen from Cox.
The number of organizations named on the Cl0p website — apparently as victims of the Oracle EBS hack — has exceeded 100, and nearly half of them are major companies in sectors such as IT, telecommunications, healthcare and pharmaceuticals, heavy industry and manufacturing, automotive and transportation, retail, energy and utilities, and media.
Organizations such as Logitech, The Washington Post, Harvard, Mazda, and American Airlines subsidiary Envoy Air have confirmed being targeted.
However, other large companies have not responded to SecurityWeek’s requests for comment, including Schneider Electric, Emerson, Broadcom, Michelin, Bechtel, Canon, Entrust, LKQ Corporation, and Pan American Silver.
The United Kingdom’s National Health Service (NHS) has confirmed conducting an investigation, but it has yet to confirm a data breach.
Cl0p has been the public-facing group to take credit for the Oracle EBS campaign, but the cybersecurity community has linked the attacks to an unknown cluster of a threat actor tracked as FIN11, which was also responsible for similar operations targeting customers of Cleo, MOVEit, and Fortra file transfer products.
Based on past incidents, organizations are not listed on the Cl0p website without cause, but the actual scope of the breach may be exaggerated by the threat actors to pressure victims into paying a ransom.
Related: CISA Confirms Exploitation of Latest Oracle EBS Vulnerability
Related: Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks
