Oracle E-Business Suite Hack Leaves Four Major Companies Silent on Impact A recent cyberattack targeting Oracle E-Business Suite (EBS) has disrupted organizations reliant on the platform for critical business operations, including finance, supply chain, HR, and procurement. While many companies have responded with public disclosures and mitigation efforts, Broadcom, Bechtel, Estée Lauder, and Abbott Technologies have yet to issue any statements, raising concerns about transparency and crisis management. The breach exposes vulnerabilities in a widely used enterprise software suite, threatening the integrity of sensitive corporate and customer data. Security researchers and incident response teams are assessing the full scope of the compromise, with affected organizations working to determine exposure and prevent follow-on attacks. In contrast to the silent four, other companies have taken proactive steps, including acknowledging the breach, implementing security measures, collaborating with cybersecurity firms, and notifying stakeholders. This approach is considered best practice in handling enterprise-wide software vulnerabilities. The continued silence from Broadcom, Bechtel, Estée Lauder, and Abbott Technologies leaves stakeholders uninformed about potential risks, data protection efforts, and the companies’ cybersecurity commitments. The lack of disclosure may also invite regulatory scrutiny, particularly for publicly traded firms, while risking long-term reputational damage. As cybersecurity incidents grow in frequency and severity, transparent communication is increasingly seen as a corporate obligation both for stakeholder trust and legal compliance. The absence of updates from these four companies underscores a critical gap in modern incident response policies.

Broadcom, a global technology leader valued at hundreds of billions, was among the high-profile victims of Cl0p’s ransomware attack exploiting a zero-day vulnerability in Oracle’s E-Business Suite (CVE-2025-61882 and CVE-2025-21884). The cybercriminal group exfiltrated sensitive corporate and customer data, threatening to leak or sell it unless a ransom was paid. The breach compromised critical systems, risking financial records, proprietary business data, and third-party customer information. Cl0p’s extortion tactics included warnings of public disclosure on their blog, torrent leaks, or sales to malicious actors, amplifying reputational and operational risks. Given Broadcom’s role in semiconductor and infrastructure technology, the attack posed supply chain cascading risks, potentially disrupting clients reliant on its products. Oracle issued emergency patches, but the damage—including data theft, potential regulatory fines, and erosion of stakeholder trust—had already occurred. The incident underscores vulnerabilities in enterprise software dependencies, with Broadcom facing long-term financial and strategic repercussions if the stolen data is weaponized.

The California Office of the Attorney General disclosed a data breach at Abbott Laboratories on January 19, 2019, stemming from a misplaced portable drive handled by a third-party auditor. The incident exposed sensitive employee information, including names and Social Security numbers (SSNs), though the exact number of affected individuals remains unspecified. The breach did not involve a targeted cyber attack or malicious intrusion but rather resulted from human error—the physical loss of a storage device containing unencrypted or inadequately secured data. Such exposures heighten risks of identity theft, financial fraud, or phishing attacks targeting the affected employees. The company likely faced regulatory scrutiny under data protection laws (e.g., California’s CCPA or federal HIPAA if healthcare-related data was involved), alongside potential reputational damage and internal policy reviews to prevent future lapses in third-party vendor oversight. The incident underscores vulnerabilities in data handling protocols, particularly when external auditors or contractors manage sensitive corporate information.

The California Office of the Attorney General disclosed a data breach affecting Abbott Laboratories on April 17, 2015, stemming from a cyber-attack on Anthem Blue Cross Blue Shield (a third-party vendor) on December 1, 2014. The incident exposed sensitive personal information of individuals enrolled in the Abbott Plan, including names, dates of birth, member ID numbers, home addresses, phone numbers, email addresses, and employment details. The breach originated from a sophisticated external cyber intrusion targeting Anthem’s IT systems, compromising a database containing records linked to Abbott’s employees and plan members. While the attack did not involve financial data (e.g., credit cards or bank accounts) or medical records, the exposed information posed significant risks for identity theft, phishing scams, and fraudulent activities. Abbott Laboratories, as the affected organization, was required to notify impacted individuals and implement remedial measures, including credit monitoring services. The breach underscored vulnerabilities in third-party vendor security protocols and highlighted the cascading risks of supply-chain cyber attacks in the healthcare sector. No ransomware was involved, but the scale of exposed personally identifiable information (PII) marked it as a severe incident with long-term reputational and operational consequences for Abbott.

The Washington State Office of the Attorney General reported a data breach involving Abbott Nutrition on February 23, 2017. The breach, which occurred from approximately June 2013 to December 2016, affected around 1,819 individuals, potentially exposing their names, addresses, phone numbers, email addresses, and payment card information due to unauthorized access to the systems of Aptos, Inc., a third-party service provider.