Airline Subsidiary Confirms Oracle EBS Compromise
Envoy Air, a regional carrier operating as an American Airlines subsidiary, has confirmed it was among the organizations compromised through security vulnerabilities in Oracle’s E-Business Suite (EBS) platform. According to reports, the Clop ransomware group claimed responsibility for the breach and subsequently listed American Airlines on its data leak site.
An Envoy spokesperson stated, “We are aware of the incident involving Envoy’s Oracle E-Business Suite application. Upon learning of the matter, we immediately began an investigation and law enforcement was contacted.” The company’s internal review reportedly confirmed that no sensitive or customer data was affected, though a limited amount of business information and commercial contact details may have been compromised.
Extortion Group’s Claims and Response
The Clop cybercrime group added American Airlines to its leak site last Thursday, claiming the company had ignored security concerns. In a post shared on social media and seen by The Register, the extortionists wrote: “The company doesn’t care about its customers, it doesn’t care about their security!!!”
Envoy officials declined to comment on the criminals’ extortion demands, maintaining that the breach did not impact American Airlines’ IT environments or data, nor did it affect Envoy’s flight operations or airport ground handling services. The incident appears limited to the Oracle Applications environment used by the regional carrier.
Widespread Impact Across Organizations
Security analysts suggest this breach is part of a broader campaign targeting Oracle EBS vulnerabilities. According to reports, Google’s chief threat analyst indicated that “dozens” of organizations were likely affected, with intruders potentially having a three-month head start before defenders became aware of the compromises.
John Hultquist, chief analyst at Google Threat Intelligence Group, told The Register that “some historic Clop data extortion campaigns have had hundreds of victims,” noting that “unfortunately, large scale zero-day campaigns like this are becoming a regular feature of cybercrime.” This pattern mirrors previous attacks, including the widespread compromise of Progress Software’s MOVEit file transfer solution in 2023 that affected thousands of organizations.
Oracle’s Security Response
Oracle has addressed the vulnerabilities through emergency patches in recent weeks. On October 2, the company notified customers that thieves may have exploited security flaws that were patched in July 2025, recommending immediate application of the latest critical patch updates.
Two days later, Oracle released an emergency patch for a zero-day vulnerability tracked as CVE-2025-61882 that Clop had already exploited for data theft and extortion. This week, the company pushed another emergency patch for a separate EBS vulnerability tracked as CVE-2025-61884, which received a CVSS score of 7.5 and affects the Runtime UI component.
Oracle’s advisory warns that this latest flaw can be exploited remotely without authentication and “may allow access to sensitive resources,” highlighting the ongoing security challenges facing enterprise software systems. Security researchers have reportedly observed signs of Clop activity in Oracle customers’ EBS environments since at least August, with some evidence suggesting the malicious activity may have begun even earlier.
Broader Industry Implications
The Envoy Air incident occurs amid broader industry developments in cybersecurity and increasing concerns about supply chain attacks. As organizations continue to face sophisticated threats, the need for robust security measures becomes increasingly critical across all sectors.
These security challenges coincide with wider trends in technology and business operations, where digital transformation initiatives must balance innovation with security considerations. The incident also highlights how cybersecurity defenses are evolving to address emerging threats.
As the situation continues to develop, security professionals are monitoring how recent security incidents might influence enterprise software procurement and security practices. The Clop group’s continued targeting of widely used business platforms demonstrates the persistent challenges organizations face in protecting their digital assets.
This reporting is based on publicly available information and statements from involved organizations. The incident remains under investigation by relevant authorities.