US-headquartered GlobalLogic has notified thousands of current and former employees that their data was compromised in a recent large-scale data extortion campaign.
According to a notification letter posted to the Office of the Maine Attorney General, the Hitachi-owned software company informed 10,471 individuals about the data breach, which targeted its Oracle E-Business Suite (EBS) platform.
“Oracle issued a security advisory on October 4, 2025, about a previously unknown zero-day exploit. GlobalLogic uses Oracle EBS, a collection of applications, to manage core business functions such as finance, HR, accounts payable and receivable,” the breach notification letter read.
“As soon as we learned of the vulnerability, GlobalLogic immediately investigated and determined that it had been exploited within our instance of Oracle.”
Read more on Oracle EBS campaign: NCSC: Patch Critical Oracle EBS Bug Now
The firm patched the zero-day bug, but its investigation confirmed that data had been exfiltrated on October 9 2025.
Oracle had confirmed that threat actors were likely exploiting “vulnerabilities” on October 2, with Google Mandiant confirming the news four days later.
Phishing Risk For Employees
“The personal information involved in this incident was from our Oracle platform, which includes HR information for current and former personnel,” the notification letter continued.
“That information includes personal information collected as part of Human Resources, and could involve the following information of yours: name, address, phone number, emergency contact (name and phone number), email, date of birth, nationality, country of birth, passport information, internal GlobalLogic employee number, national identifier or tax identifier such as Social Security Number, salary information, bank account information, and routing number.”
This kind of information would be a treasure trove for threat actors looking to launch follow-on phishing campaigns impersonating GlobalLogic and other organizations, or to commit identity fraud.
The firm didn’t share whether it had been contacted by the threat group behind the campaign, the notorious Cl0p outfit. However, Google said it’s aware of dozens of victims, although the final tally could be over 100.
The only other victim organizations to have been identified publicly to date are Harvard University and Envoy Air.
Image credit: CryptoFX / Shutterstock.com