American multinational Cox Enterprises has disclosed a significant data breach, in which hackers exploited a zero-day vulnerability in its Oracle E-Business Suite (EBS) to access sensitive personal information. The conglomerate operates across media, telecommunications, and automotive services, employing 55,000 staff and generating $23 billion in annual revenue.
Attack Occurred in August, Discovered in September
The breach took place between August 9 and 14, 2025, but Cox Enterprises only detected suspicious activity on September 29, 2025, when an internal investigation was launched. Hackers leveraged a then-unknown zero-day vulnerability (CVE-2025-61882) in Oracle EBS, exploiting it before Oracle released a patch on October 5, 2025.
Cl0p Ransomware Gang Implicated
While Cox Enterprises has not publicly named the attackers, the Cl0p ransomware group has claimed responsibility for exploiting this vulnerability. Cl0p has a history of high-profile breaches, including Cleo File Transfer (2024), MOVEit Transfer (2023), and SolarWinds Serv-U FTP (2021), targeting large organizations and universities worldwide.
Scope of Impact
The company has notified 9,479 affected individuals. Cox Enterprises is offering 12 months of free identity theft protection and credit monitoring. The exact nature of the compromised data has not yet been disclosed in official communications.
Data Published on Dark Web
The stolen data was published by Cl0p on their dark web portal on October 27, 2025. The portal also listed 29 other major organizations from the automotive, software, and technology sectors as victims of similar attacks.
Oracle E-Business Suite Vulnerabilities and Global Implications
Oracle EBS is a widely used back-office platform, critical for large enterprises. Previous zero-day exploitation incidents have affected organizations such as Logitech, Harvard University, the Washington Post, Envoy Air, and GlobalLogic. Experts note that these breaches underscore the risks of underestimating security in enterprise back-office applications.
Cox Enterprises’ Response
Cox Enterprises has stated that affected users have been notified and that identity theft protection and credit monitoring services are being provided. The company has also accelerated its internal security reviews, applied the Oracle EBS patch, and implemented additional safeguards to prevent further breaches.
Expert Commentary
Cybersecurity analysts emphasize that zero-day vulnerabilities pose the most serious threat to large organizations because they exploit previously unknown weaknesses. Groups like Cl0p are actively targeting new enterprises and applications, highlighting the critical need for continuous monitoring and rapid patch management.
