American Airlines subsidiary Envoy caught in Clop’s Oracle EBS raid
Summary
Envoy Air, a subsidiary of American Airlines, has confirmed it was among organisations compromised through vulnerabilities in Oracle E-Business Suite (EBS) as claimed by the Clop extortion group. Envoy says it investigated the incident, contacted law enforcement, and determined no sensitive or customer data was affected; only a limited amount of business information and commercial contact details may have been accessed. The breach did not affect American Airlines’ systems or flight and ground operations.
Clop has added American Airlines to its leak site, and security researchers — including Google Threat Intelligence — believe the attackers had a multi-month head start and impacted dozens of organisations. Oracle has released emergency patches for multiple EBS flaws, including CVE-2025-61882 and CVE-2025-61884, urging customers to apply updates.
Key Points
- Envoy Air confirms its Oracle E-Business Suite instance was compromised in the Clop EBS campaign.
- Envoy reports no customer-sensitive data was exposed; only limited business/commercial contact information may be involved.
- American Airlines’ IT environments and flight/ground operations were not affected, per Envoy’s statement.
- Clop has publicly named American Airlines on its leak site as part of this extortion campaign.
- Google and other researchers say attackers likely had a multi-month lead time and dozens of victims are suspected.
- Oracle has issued emergency patches for EBS vulnerabilities (notably CVE-2025-61882 and CVE-2025-61884); customers are urged to apply updates immediately.
- The campaign echoes Clop’s 2023 MOVEit strike — large-scale supply-chain style data theft and extortion remains a persistent threat.
Why should I read this?
Because if you run Oracle EBS or deal with suppliers that do, this is the kind of mess that can bite you without warning. Patches have been rushed out and researchers say the attackers had months to rummage around — so either check your EBS exposure or get someone who will. Also, yes, Clop is back and still playing the same expensive game.