HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Oracle confirms second major data breach as investigations intensify

Written by Tshedimoso Makhene | Apr 16, 2025 2:45:19 AM

Oracle has confirmed its second major data breach in a month, with hackers stealing customer login credentials. The incident has prompted federal investigations and raised further concerns about the company's cybersecurity practices.

 

What happened

Oracle Corp. (NYSE: ORCL) has confirmed a second significant cybersecurity breach in less than a month. According to a recent Reuters report, a hacker infiltrated the tech giant’s computer systems and gained access to sensitive customer data, including usernames, passwords, and encrypted credentials. The company disclosed the breach to customers, noting that the compromised data stemmed from an older system last used over eight years ago.

However, sources close to the investigation revealed that some of the stolen login credentials were as recent as 2024, raising questions about the actual scope of the breach and Oracle's risk assessment. 

 

The backstory

In January 2025, Oracle Health — which acquired Cerner and its electronic health record (EHR) system in 2022 — experienced a hacking incident involving legacy Cerner patient data. Hackers gained access to outdated servers on January 22 using compromised customer credentials and exfiltrated sensitive patient data.

The attackers, reportedly aiming to extort multiple U.S. healthcare providers, were discovered nearly a month later on February 20. Oracle Health opted not to notify patients directly, instead leaving the responsibility to clients while offering credit monitoring services and mailing assistance. The company also restricted communication with affected clients to phone calls with its Chief Information Security Officer, a move that drew criticism for a perceived lack of transparency.

The FBI is currently investigating that breach as well. The incident highlighted the increasing vulnerability of healthcare IT vendors, who serve as gatekeepers to vast troves of protected health information (PHI). Security experts warn that outdated systems and unpatched devices across cloud platforms and Internet of Medical Things (IoMT) networks create serious attack surfaces.

 

Going deeper

The breach, reportedly validated by private cybersecurity firm Trustwave Holdings, involved an attempt by the hacker to sell the stolen information online and extort payment from Oracle. Despite initially denying that any data had been compromised, Oracle now admits the intrusion occurred, though it maintains that Oracle Cloud customers were unaffected.

Researchers from Trustwave described the exposed credentials as a “rich dataset,” potentially exploitable for phishing attacks, identity theft, and unauthorized account access.

The incident is separate from a previously confirmed breach in March, when Oracle servers were compromised and health data, including patient records, was exfiltrated. That breach drew heavy criticism due to Oracle's delayed notification to affected parties.

 

Why it matters

For Oracle, the back-to-back breaches and perceived lack of transparency threaten to erode customer trust and raise serious concerns about its data security infrastructure. The company’s slow acknowledgment of both incidents has sparked industry-wide scrutiny, especially as enterprise clients rely on Oracle’s software and cloud solutions to handle sensitive business operations and personal data.

For customers, the stolen credentials — even from older systems — can be weaponized for targeted phishing campaigns or leveraged in broader cyberattacks. Since reused passwords are still common, the implications of this breach could stretch far beyond Oracle’s systems.

 

FAQs

How can I find out if my information was affected by a data breach?

Companies usually notify affected individuals directly, but you can also monitor official statements or contact customer support for updates.

 

What should I do if I suspect my data has been compromised?

Change your passwords immediately, enable two-factor authentication, and monitor your accounts for suspicious activity or unauthorized transactions.