Hitachi-owned GlobalLogic admits data stolen on 10k current and former staff
Summary
GlobalLogic, the Hitachi-owned digital engineering firm, has confirmed that personal data for 10,471 current and former employees was stolen in a wave of attacks linked to the Clop cybercrime group. The company told Maine’s attorney general that stolen information included names, addresses, Social Security numbers, passport details and bank account information. GlobalLogic’s investigation places the activity between 10 July 2025 and 20 August 2025, matching research that showed suspicious HTTP traffic targeting exposed Oracle E-Business Suite (EBS) servers from early July. The incident is part of a broader campaign exploiting Oracle EBS flaws (CVE-2025-61882 and CVE-2025-61884) and has hit other organisations including The Washington Post and Allianz UK.
Context and Relevance
The episode underlines how widespread and critical Oracle EBS remains inside enterprises and how rapidly attackers like Clop move to exploit newly disclosed vulnerabilities. Because EBS often integrates payroll, HR and finance systems, breaches of this nature expose highly sensitive data and carry substantial regulatory, financial and reputational risks. The campaign also demonstrates Clop’s focus on mass data theft and public extortion via leak sites rather than traditional encryption-based ransomware.
Key Points
- GlobalLogic confirmed 10,471 affected individuals; exposed data included SSNs, passport info and bank account details.
- Attackers exploited Oracle EBS vulnerabilities (CVE-2025-61882 and CVE-2025-61884) as part of a large-scale campaign attributed to Clop.
- Intrusions spanned 10 July to 20 August 2025; many organisations were likely compromised before Oracle’s emergency patches in September.
- Clop’s tactic centres on data theft and public extortion via leak sites rather than encrypting victims’ systems.
- Other confirmed or named victims include The Washington Post, Allianz UK and nearly 30 organisations listed on Clop’s leak site.
- Organisations should urgently review internet exposure of EBS instances, apply patches, and reassess third-party/outsourcing risk.
Why should I read this
Look — if your business runs Oracle EBS, touches payroll/HR data or relies on third-party providers, this is one to read. Clop is scooping up sensitive employee records and posting leaks; patching and lockdowns won’t fix reputational or identity-theft fallout after the fact. Read it to know the scale, then do the boring but vital stuff: check exposure, patch, and notify people.
Author style
Punchy: This isn’t just another breach. The combination of scale, the type of data stolen and the link to a fast-moving exploit campaign makes it highly significant. If you manage systems that touch finance or HR, stop skimming headlines and act on the detail.