Cox Enterprises Hit by Oracle EBS Data Breach

Summary
– Cox Enterprises suffered a data breach after hackers exploited a zero-day vulnerability in Oracle E-Business Suite between August 9 and 14, 2025.
– The company detected the suspicious activity on September 29, 2025, and launched an internal investigation.
– The Cl0p ransomware group claimed responsibility for the attack and published stolen data on their dark web leak site on October 27.
– Cox is offering 12 months of free identity theft protection and credit monitoring to 9,479 affected individuals through IDX.
– Multiple other organizations, including Logitech and Harvard University, have confirmed breaches related to the same Oracle E-Business Suite vulnerability.

Cox Enterprises has begun notifying thousands of individuals that their personal information was compromised following a sophisticated cyberattack. The breach occurred after hackers exploited a previously unknown security flaw in Oracle’s E-Business Suite, a platform Cox uses for back-office operations. Although the intrusion took place in August 2025, the company did not detect the suspicious activity until late September, prompting an immediate internal investigation.
According to the official notice, the attackers leveraged a zero-day vulnerability in Oracle’s software between August 9 and August 14, 2025. Cox Enterprises, a diversified conglomerate with significant holdings in telecommunications and automotive services, employs approximately 55,000 people and reports annual revenues around $23 billion. The company’s delayed discovery of the breach highlights the stealthy nature of the attack.
While Cox has not publicly identified the perpetrators, the Cl0p ransomware group has claimed responsibility for the incident. This group is notorious for weaponizing zero-day vulnerabilities in widely used enterprise software long before vendors release security patches. In this case, Oracle issued a fix for the flaw, identified as CVE-2025-61882, on October 5, weeks after the initial exploitation.
Cl0p has a well-documented history of targeting undiscovered vulnerabilities in popular platforms. Previous campaigns include attacks against Cleo file transfer software in 2024, MOVEit Transfer and GoAnywhere MFT in 2023, SolarWinds Serv-U FTP in 2021, and Accellion FTA in 2020. The group’s consistent ability to identify and exploit such weaknesses makes them a persistent threat to organizations worldwide.
Several other major companies have also confirmed breaches linked to Oracle E-Business Suite vulnerabilities, including Logitech, the Washington Post, GlobalLogic, Envoy Air, and Harvard University. On October 27, Cl0p added Cox Enterprises to its dark web data leak site and published stolen information. Just recently, the group listed 29 new victim organizations across the automotive, software, and technology sectors.
Cox is offering affected individuals, numbering 9,479, complimentary identity theft protection and credit monitoring services through IDX for one year. The company’s sample breach notification submitted to regulators did not specify the exact types of personal data exposed. Cox continues to work with cybersecurity experts and law enforcement as the investigation proceeds.
(Source: Bleeping Computer)





