Oracle has reportedly suffered 2 separate breaches exposing thousands of customers' PII
arstechnica.com
RADICAL OPACITY

Alleged breaches affect Oracle Cloud and Oracle Health.

Dan Goodin, Mar 28, 2025 3:41 pm

Signage stands at the Oracle Corp. headquarters campus in Redwood City, California, on March 14, 2016. Credit: Michael Short/Bloomberg via Getty Images

Oracle isn't commenting on recent reports that it has experienced two separate data breaches that have exposed sensitive personal information belonging to thousands of its customers.

The most recent data breach report, published Friday by Bleeping Computer, said that Oracle Health, a health care software-as-a-service business the company acquired in 2022, had learned in February that a threat actor accessed one of its servers and made off with patient data from US hospitals. Bleeping Computer said Oracle Health customers have received breach notifications that were printed on plain paper rather than official Oracle letterhead and were signed by Seema Verma, the executive vice president & GM of Oracle Health.

The other report of a data breach occurred eight days ago, when an anonymous person using the handle rose87168 published a sampling of what they said were 6 million records of authentication data belonging to Oracle Cloud customers. Rose87168 told Bleeping Computer that they had acquired the data a little more than a month earlier after exploiting a vulnerability that gave access to an Oracle Cloud server.

Researchers at outside security firms who have reviewed data provided by rose87168 said it appeared to be genuine. Cloudsek researchers said the firm assesses this threat with medium confidence and rates it as High in severity. In all, they said, more than 140,000 tenants, meaning customers using Oracle Cloud services, were affected.

Trustwave's Spider Labs, meanwhile, said the sample of LDAP credentials provided by rose87168 reveals a substantial amount of sensitive IAM data associated with a user within an Oracle Cloud multi-tenant environment. The data includes personally identifiable information (PII) and administrative role assignments, indicating potential high-value access within the enterprise system.

Oracle initially denied any such breach had occurred against its cloud infrastructure, telling publications: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."

On Friday, when I asked Oracle for comment, a spokesperson asked if they could provide a statement that couldn't be attributed to Oracle in any way. After I declined, the spokesperson said Oracle would have no comment.

For the moment, there's a stand-off between Oracle on the one hand, and researchers and journalists on the other, over whether two serious breaches have exposed sensitive information belonging to its customers. Reporting that Oracle is notifying customers of data compromises in unofficial letterhead sent by outside attorneys is also concerning. This post will be updated if new information becomes available.

Dan Goodin, Senior Security Editor

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him on Mastodon and on Bluesky. Contact him on Signal at DanArs.82.