In October, it was revealed that the Russian-linked hacking group Clop had stolen data from dozens of organizations through security vulnerabilities in Oracle E-Business Suite software. Among the victims was the American company GlobalLogic, which confirmed the theft of data from current and former employees, including from Ukraine.
In October, it was revealed that the Russian-linked hacking group Clop had stolen data from dozens of organizations through security vulnerabilities in Oracle E-Business Suite software. Among the victims was the American company GlobalLogic, which confirmed the theft of data from current and former employees, including from Ukraine.
GlobalLogic has said the personal data of more than 10,000 current and former employees was compromised in a wave of attacks on Oracle E-Business Suite (EBS) attributed to the Clop group, joining a list of victims that already includes The Washington Post and Allianz UK, The Register reports .
In a statement filed with the Maine attorney general, US company GlobalLogic said 10,471 people were affected after attackers gained unauthorized access to its systems.
In letters sent to victims, which The Register has seen, GlobalLogic acknowledged that the stolen data included names, addresses, Social Security numbers, passport information and bank account details.
According to GlobalLogic, the criminal activity lasted from July 10 to August 20, 2025. This timeline coincides with the findings of the Google Threat Intelligence Group (GTIG) and Mandiant, which also recorded suspicious HTTP traffic directed at Oracle EBS servers starting in early July.
The disclosure makes GlobalLogic one of the latest victims of a large-scale exploitation of Oracle EBS vulnerabilities discovered earlier this year and linked to the cybercrime group Clop. The attackers are believed to have exploited flaws tracked as CVE-2025-61882 and CVE-2025-61884 in Oracle's enterprise resource planning software, targeting organizations that left their systems open to the internet.
The confirmation comes after Clop named nearly 30 organizations that were allegedly exposed in the Oracle EBS campaign on a hacker leak site. The list, seen by The Register, spans sectors from healthcare and consumer electronics to finance, manufacturing, education and media.
As GlobalLogic reported in a comment to DOU, the data theft incident also affected Ukrainian employees, both former and current. It should be noted that GlobalLogic Ukraine has 5,134 employees as of July 2025.
The company explained that after learning about the zero-day vulnerability in Oracle E-Business Suite (EBS), they immediately launched an investigation and confirmed that our Oracle EBS instance had been compromised.
“We quickly activated incident response protocols, engaged leading cybersecurity experts from Mandiant, installed both Oracle patches, and notified U.S. law enforcement of the incident,” GlobalLogic said.
The company has already notified current professionals who may have been affected, including in Ukraine, and is now notifying former professionals. It is also providing a two-year free digital identity protection package to all affected professionals.
