Russian Hackers Steal Data on 10,000 GlobalLogic Employees
The American company GlobalLogic has reported that the personal data of more than 10,000 current and former employees was compromised following a wave of cyberattacks targeting Oracle E-Business Suite (EBS) systems. The breach was first reported by The Register.
- According to GlobalLogic’s internal investigation, the earliest signs of malicious activity date back to July 10, 2025, with the most recent ones recorded on August 20, 2025. These findings align with reports from Google’s Threat Intelligence Group (GTIG) and Mandiant, both of which detected suspicious HTTP traffic aimed at Oracle EBS servers in early July.
- The attackers are believed to have exploited vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle’s ERP software, targeting organizations that had left their systems exposed to the internet.
- The attack is attributed to the Clop hacker group. While there is no evidence of Russian state backing, analysis of the group’s operations suggests that Clop is largely based in Russia
- In a report filed with the Maine Attorney General’s Office, GlobalLogic said that 10,471 individuals were affected after attackers gained unauthorized access to its systems. The stolen data reportedly includes names, addresses, Social Security numbers, passport details, and bank information.
- GlobalLogic is not the only victim. The Washington Post and Allianz UK were also hit in the same cyber campaign. Meanwhile, Clop’s leak site has published a list of approximately 30 organizations allegedly compromised via Oracle EBS, spanning various industries, including healthcare, finance, manufacturing, education, electronics, and media.
- Oracle has not publicly commented on the scale of the incident and has not responded to The Register’s requests for comment. However, activity on the Clop leak site continues to increase, indicating that the campaign remains active.
Founded in 2000 through the merger of 11 companies (including three Ukrainian firms), GlobalLogic was acquired by Hitachi in 2021. At the time, its Ukrainian offices in Kyiv, Kharkiv, Lviv, and Mykolaiv employed around 5,700 specialists. According to estimates from DOU, the company currently employs about 5,500 people in Ukraine.
Russian Hackers Steal Data on 10,000 GlobalLogic Employees
The American company GlobalLogic has reported that the personal data of more than 10,000 current and former employees was compromised following a wave of cyberattacks targeting Oracle E-Business Suite (EBS) systems. The breach was first reported by The Register.
- According to GlobalLogic’s internal investigation, the earliest signs of malicious activity date back to July 10, 2025, with the most recent ones recorded on August 20, 2025. These findings align with reports from Google’s Threat Intelligence Group (GTIG) and Mandiant, both of which detected suspicious HTTP traffic aimed at Oracle EBS servers in early July.
- The attackers are believed to have exploited vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle’s ERP software, targeting organizations that had left their systems exposed to the internet.
- The attack is attributed to the Clop hacker group. While there is no evidence of Russian state backing, analysis of the group’s operations suggests that Clop is largely based in Russia
- In a report filed with the Maine Attorney General’s Office, GlobalLogic said that 10,471 individuals were affected after attackers gained unauthorized access to its systems. The stolen data reportedly includes names, addresses, Social Security numbers, passport details, and bank information.
- GlobalLogic is not the only victim. The Washington Post and Allianz UK were also hit in the same cyber campaign. Meanwhile, Clop’s leak site has published a list of approximately 30 organizations allegedly compromised via Oracle EBS, spanning various industries, including healthcare, finance, manufacturing, education, electronics, and media.
- Oracle has not publicly commented on the scale of the incident and has not responded to The Register’s requests for comment. However, activity on the Clop leak site continues to increase, indicating that the campaign remains active.
Founded in 2000 through the merger of 11 companies (including three Ukrainian firms), GlobalLogic was acquired by Hitachi in 2021. At the time, its Ukrainian offices in Kyiv, Kharkiv, Lviv, and Mykolaiv employed around 5,700 specialists. According to estimates from DOU, the company currently employs about 5,500 people in Ukraine.
