CISA Issues Alert on Potential Legacy Oracle Cloud Compromise
by: Linn F. Freedman - Data Privacy + Security Insider
Thursday, April 17, 2025
BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some affected clients that old legacy data from Oracle Classic (last used in 2017) was involved in the incident. BleepingComputer has reportedly had direct contact with the threat actor, which has “shared data with BleepingComputer from the end of 2024” and posted newer records from 2025 on a hacking forum.
The incident was discovered in late February. According to BleepingComputer, “the attacker allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.” The threat actor offered over six million data records for sale on BreachForums on March 20, 2025, alleging the data originated from the Oracle incident.
On April 16, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released guidance on the “potential legacy Oracle Cloud compromise.” The guidance confirms that the incident’s scope and impact are uncertain but provides information about the risks associated with compromised credentials.
The Alert states:
The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risks to enterprise environments. Threat actors routinely harvest and weaponize such credentials to:
- Escalate privileges and move laterally within networks.
- Access cloud and identity management systems.
- Conduct phishing, credential-based, or business email compromise (BEC) campaigns.
- Resell or exchange access to stolen credentials on criminal marketplaces.
- Enrich stolen data with prior breach information for resale and/or targeted intrusion.
The Alert provides recommendations to organizations “to reduce the risks associated with potential credential compromise.” The recommendations are solid for any credential compromise but particularly relevant to Oracle customers.
Copyright © 2025 Robinson & Cole LLP. All rights reserved.