Envoy Air confirms data breach linked to extortion campaign targeting Oracle software
- Marijan Hassan - Tech Journalist
- 3 days ago
Envoy Air, the largest regional carrier and a wholly owned subsidiary of American Airlines, has confirmed that it fell victim to a recent data theft campaign orchestrated by the notorious cybercriminal group Clop. The attack exploited vulnerabilities within the company's Oracle E-Business Suite (EBS) application, a system used by dozens of organizations worldwide.

The confirmation comes shortly after the Clop gang added American Airlines to its public leak site, claiming to have stolen data. American Airlines clarified that the incident was specific to its subsidiary, Envoy Air.
Limited Data Compromised, Customers Unaffected
In its official statement, Envoy Air confirmed the compromise but sought to reassure customers that sensitive passenger data was not involved.
The company noted the breach was isolated to Envoy’s Oracle E-Business Suite application and did not affect any of American Airlines' core IT environments or data. More importantly, the company confirmed the incident had no impact on customer data, flight operations, or airport ground handling operations.
"We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected," the company wrote, adding that "A limited amount of business information and commercial contact details may have been compromised."
Clop exploited Oracle zero-day flaws
The attack on Envoy Air is part of a high-volume extortion spree that began as early as August 2025, in which the Clop ransomware group leveraged a zero-day vulnerability in Oracle's EBS.
Clop is believed to have exploited a newly discovered vulnerability, CVE-2025-61882, and potentially other vulnerabilities in the EBS platform to gain unauthenticated access and steal data. The group then began emailing corporate executives in September with extortion demands, threatening to leak the stolen data.
Harvard University is another high-profile entity that has confirmed it was compromised in the same Oracle zero-day campaign.
Envoy Air stated that upon learning of the matter, it "immediately began an investigation and law enforcement was contacted."










