Cox Enterprises hit by Oracle data breach - but it won't name who carried out the attack

News
By published

Has Cl0p struck again?

Data breach
(Image credit: Shutterstock)
  • Cox Enterprises breached via Oracle E-Business Suite zero‑day, exposing data of 9,479 individuals
  • Cl0p ransomware group claimed responsibility, publishing stolen files on its leak site in late October
  • Cox offers 24 months of free credit monitoring and identity theft protection to affected victims

Cox Enterprises, an American global conglomerate with major subsidiaries in telecommunications and automotive services, has confirmed being the latest in the long line of companies compromised through a zero-day in the Oracle E-Business Suite.

The company filed a new report with the Maine Attorney General’s Office, stating that it was breached in August, but only spotted the intrusion in late September, 2025, along with a data breach notification letter sent out to affected individuals - exactly 9,479 people.

“Unfortunately, this issue affected many companies that use Oracle’s systems, including Cox,” it said. “Once we learned of this activity, we promptly launched an investigation and applied Oracle’s security fix as soon as it became available. We also brought in cybersecurity experts and data analysts to review our systems and the data that we thought may have been copied and taken. We have also been in contact with law enforcement.”

Files pop up on the dark web

The investigation, which concluded on October 31, 2025, determined the hackers stole personal information, including full names - however other details about the nature of the files were redacted from the data breach notification letter.

Cox did not name the perpetrators, but from previous reports we know that the ransomware group known as Cl0p was behind the Oracle attacks.

The conglomerate is not the first company to have been struck through Oracle, with Logitech, Washington Post, GlobalLogic, Envoy Air, and Harvard University being just some of the high-profile names being mentioned.

Cl0p added Cox Enterprise to its data leak website on October 27, and has already published the stolen information.

To mitigate the risk, Cox is offering up to 24 months of free credit monitoring and identity theft protection services through IDX for all affected individuals.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.