Envoy Air hit by Oracle-linked cyberattack, confirms limited data exposure
Envoy Air, the largest regional carrier for American Airlines (AAL.O), confirmed on Friday that it was the victim of a cyberattack linked to Oracle (ORCL.N) E-Business Suite vulnerabilities, part of a broader hacking campaign carried out by the CL0P extortion group.
The Texas-based airline said it had launched an internal investigation and contacted law enforcement after discovering the breach, which affected systems connected to Oracle software.
“We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected,” a company spokesperson said. “A limited amount of business information and commercial contact details may have been compromised.”
Envoy Air operates over 160 aircraft and 875 daily flights for American Airlines. The company is the second confirmed victim of the campaign, which cybersecurity experts say has exploited weaknesses in Oracle’s enterprise systems to infiltrate corporate networks.
The CL0P ransomware group, known for previous high-profile attacks on software providers, claimed responsibility and listed American Airlines on its website as one of the victims, though the airline said questions should be directed to Envoy.
Google’s cybersecurity team said earlier this month that the ongoing campaign may have been active for over three months, resulting in the theft of “mass amounts of customer data” from various organizations. Harvard University also confirmed it was targeted in a similar attack earlier this week.
The breach underscores the growing risks associated with third-party enterprise software, particularly as hackers increasingly exploit widely used business platforms for extortion.