Recently, Oracle Corporation has made headlines after the company reported experiencing two distinct data breaches. While Oracle has yet to make a public statement regarding either breach, according to a report by BleepingComputer, the company has privately provided notice to various healthcare facilities that were affected by one of the incidents. As a result of these incidents, an unauthorized party may have been able to access consumers’ sensitive information. If Oracle’s investigation into either incident confirms that consumer information was leaked, the company will be required to send out data breach notification letters to all individuals whose information was affected.
If you receive a data breach notification from Oracle Corporation, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Oracle data breach. For more information, please see our recent piece on the topic here.
What Caused the Oracle Data Breaches?
Oracle is reportedly dealing with two separate security incidents, one involving its healthcare division and the other tied to alleged unauthorized access to Oracle Cloud.
The first incident centers on Oracle Health, formerly known as Cerner, which provides electronic health record (“EHR") technology to hospitals. Oracle acquired Cerner in June 2022 and renamed the company Oracle Health.
According to reports, Oracle Health discovered a cyberattack on February 20, 2025, which forensic investigators determined began on January 22, 2025. Evidently, an unknown party accessed a legacy Cerner server using stolen credentials and removed data, potentially including sensitive patient information. Oracle Health has not publicly announced the breach but has begun notifying affected healthcare providers.
In what appears to be a separate incident, an unauthorized party claims to have exploited a vulnerability in Oracle Access Manager to access an Oracle Cloud server last month. This unauthorized party purports to have exfiltrated roughly six million records. Several companies have confirmed that the sample data contains genuine information tied to their accounts. However, Oracle has denied any breach of its Cloud platform and insists that none of the leaked credentials relate to Oracle Cloud, although the company has yet to provide a detailed explanation.
Information on each of these potential data breaches is rapidly developing. However, if Oracle determines that either incident exposed consumer information to unauthorized access, victims can expect to receive a data breach letter informing them of what happened and what information of theirs was compromised.
More Information About Oracle Corporation
Oracle Corporation is a multinational computer technology company specializing in database software, cloud-engineered systems, and enterprise software products. Founded in 1977 and headquartered in Austin, Texas, Oracle offers a comprehensive suite of cloud applications and platforms, including Infrastructure as a Service (IaaS) and Software as a Service (“SaaS”), serving a diverse global clientele across various industries. The company employs approximately 143,000 people and reported revenues of $49.9 billion in 2023.
