Blog

Potential Oracle Cloud Breach

What we currently know, 03/24/2025

There has been recent activity around a potential Oracle Cloud breach. Samples of allegedly stolen info from Oracle Cloud are open for sale, touting 6 million records extracted. This data appeared on March 21, 2025, with the threat actor claiming to have gained access by hacking the login endpoint. The data posted includes Java Keystore (JKS) files, encrypted SSO passwords, key files, and enterprise manager Java Process Status (JPS) keys.

Clearwater is actively monitoring this supply-chain threat and assessing all updates on this situation. As of this post, Oracle denies any compromise.

Our recommendation is to take precautions against any leaked passwords with the following actions:

  • For all users, ensure the passwords, keys, secrets, and hash values associated with Oracle Cloud Apps are immediately changed
  • Update all SSO and LDAP integrations
  • Enable MFA to access all Oracle Cloud Apps

Below, you can check if your organization’s web or email domain has been compromised using a tool developed by Clearwater’s Managed Security Services team. 

We will continue monitoring the situation and post updates to this page as new information becomes available. If your organization’s web or email domain is compromised, or if you need immediate help assessing this potential risk, feel free to contact us.

View All Resources

Newsletter

Sign up for our monthly newsletter discussing hot topics and access to invaluable resources.


I agree and have read the terms of Clearwater's privacy policy. Please send me your newsletter.

Related Blogs

Are You Ready For Quantum Day in Healthcare?

Are You Ready For Quantum Day in Healthcare?

Blog
From AI-driven diagnostics to wearable smart devices and telehealth breakthroughs, rapid digital transformation drives modern healthcare service delivery. From what was once a tech-resistant industry — and one where many legacy systems still play critical roles in operations — healthcare tech adoption has radically evolved since pre-COVID. With all these breakthroughs and benefits, many covered entities and business associates struggle to keep pace with the increased risk these innovations introduce into the modern healthcare ecosystem. The more technologies, web apps, smart devices, and cloud services your organization adopts, the greater chance of a cyber breach.
Read More
Clinical Research Organizations: M&A Goldmine or Data Liability? Why Cybersecurity Must Be on Every Investor’s Radar

Clinical Research Organizations: M&A Goldmine or Data Liability? Why Cybersecurity Must Be on Every Investor’s Radar

Blog
The market for clinical trials is experiencing significant momentum in mergers and acquisitions (M&A). Private equity (PE) investment in Clinical Research Organizations (CROs) and Site Management Organizations (SMOs) is being spurred by site consolidation, expansion of specialized services, and technology innovation. These firms are important players in the pipeline of drug development and the best targets for investors who wish to capitalize on healthcare innovation.
Read More
8 Easy Ways to Prepare for an OCR HIPAA Compliance Audit

8 Easy Ways to Prepare for an OCR HIPAA Compliance Audit

Blog
The Office for Civil Rights (OCR) has officially launched its third round of HIPAA audits, following previous assessments in 2012 and 2016.  Learn 8 easy ways to prepare for an OCR HIPAA compliance audit and safeguard your health information against rising cyber threats. Past audits revealed widespread compliance gaps, prompting increased oversight.
Read More

Connect
With Us


Let us know who referred you, if you went to an event, found us in search, or liked one of our LinkedIn posts. 

By clicking the “Submit” button below, I agree that I have read and agree to the terms of Clearwater’s Privacy Policy.