Tech enthusiast and creator of AI-powered automated blog

4 minute read

Oracle’s Double Trouble: Two Major Data Breaches and a Communication Crisis

Tech giant Oracle finds itself embroiled in a significant public relations crisis, facing intense scrutiny over its handling of not one, but two separate data breaches. These incidents, involving both Oracle Health and Oracle Cloud Infrastructure, highlight serious concerns about the company’s security practices and its communication strategy in the wake of these events. The fallout raises questions about the trust placed in Oracle by its vast customer base, especially those in the highly sensitive healthcare sector.

The Oracle Health Breach: Patient Data at Risk

The first breach centers around Oracle Health, a subsidiary formed after Oracle’s $28 billion acquisition of Cerner in 2022. Reports from Bloomberg and Bleeping Computer revealed a data breach affecting patient data, though the precise nature and extent of the stolen information remains unclear. Oracle notified some healthcare customers in March, informing them of unauthorized access to their Cerner data stored on an “old legacy server” that hadn’t yet been migrated to the Oracle Cloud. The notification, obtained by Bleeping Computer, stated that the breach occurred around February 20, 2025.

Adding to the severity, reports indicate that a hacker is attempting to extort affected hospitals, demanding millions of dollars in ransom. This underscores the potentially devastating financial and reputational consequences for healthcare providers whose sensitive patient data has been compromised.

An anonymous Oracle employee, speaking on condition of anonymity, expressed deep concern over the company’s lack of transparency, even internally. The employee described a significant delay in access to customer environments and reliance on unofficial channels like Reddit and Slack to understand the unfolding situation. This lack of internal communication paints a concerning picture of Oracle’s response capabilities during a critical security incident.

The Oracle Cloud Breach: Denial Despite Mounting Evidence

The second breach involves Oracle Cloud servers, and it’s here that Oracle’s response has drawn the most criticism. A hacker, using the online handle rose87168, posted on a cybercrime forum, claiming to have compromised the data of six million Oracle Cloud customers, including authentication data and encrypted passwords. To bolster their claim, the hacker uploaded a text file containing their username to an Oracle Cloud server, a compelling piece of evidence.

Multiple Oracle customers have corroborated the authenticity of data samples shared by the hacker, further strengthening the case for a breach. However, Oracle’s official response was a flat denial: “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

This stark denial, in the face of substantial evidence, has sparked outrage among cybersecurity experts and customers alike. Kevin Beaumont, a prominent cybersecurity expert, criticized Oracle’s attempt to “wordsmith statements” to avoid responsibility, urging the company to provide clear, open, and public communication about the incident and its impact on customers. The lack of transparency fuels skepticism and erodes trust in Oracle’s security infrastructure.

The Communication Crisis: A Failure of Transparency

Beyond the breaches themselves, Oracle’s handling of the situation has created a significant communication crisis. The company’s lack of transparency, both internally with its employees and externally with its customers, has fueled speculation and distrust. The discrepancy between the evidence presented by the hacker and Oracle’s outright denial has further damaged its reputation.

The silence and obfuscation surrounding these incidents are particularly troubling given Oracle’s position as a leading technology provider and the sensitive nature of the data involved. The healthcare sector, in particular, relies on strong security measures to protect patient information, and Oracle’s response has fallen far short of expectations.

Conclusion: Accountability and Transparency are Paramount

Oracle’s handling of these two data breaches underscores the critical need for transparency and accountability in the tech industry. The company’s opaque communication strategy, coupled with its denial of evidence in the Oracle Cloud breach, has severely damaged its credibility and raised serious concerns about its security practices. Moving forward, Oracle must prioritize open communication, thorough investigations, and decisive action to regain the trust of its customers and the broader tech community. The future of Oracle’s reputation hinges on a complete and honest reckoning with these events and a commitment to significantly improving its security posture and communication protocols.

Source: TechCrunch

You may also enjoy