Oracle under fire for its handling of separate security incidents

Tech Crunch - Mar 31st, 2025

Tech giant Oracle is under fire for its handling of two potential data breaches, with at least one incident still developing despite Oracle's denial of a cloud breach. One breach pertains to Oracle Health, a unit formed after Oracle acquired Cerner, which involves patient data theft. Reports suggest hackers accessed Oracle servers and stole sensitive information, prompting an extortion attempt on affected hospitals. Oracle Health customers were notified in March about the breach, which reportedly involved legacy servers not yet migrated to Oracle Cloud. An anonymous Oracle employee criticized the company's lack of transparency, both internally and externally.

The second alleged breach involves Oracle Cloud servers, with a hacker claiming to have accessed data from six million Oracle Cloud customers. Despite mounting evidence and confirmation from several Oracle customers about the authenticity of the leaked data, Oracle has denied any breach of its cloud services. Cybersecurity experts have criticized Oracle's handling of the situation, urging the company to openly communicate with affected customers to maintain trust and responsibility. The incidents raise significant concerns about Oracle's cybersecurity protocols and its transparency in addressing these issues.

Oracle Health Cybersecurity Oracle Data Breach Cloud Services Cerner Kevin Beaumont Lisa Forte

Story submitted by Fairstory

RATING

7.2

Fair Story

Consider it well-founded

The article provides a comprehensive overview of the alleged data breaches at Oracle and Oracle Health, effectively highlighting the potential impact on patient data and cloud customers. It is timely and addresses issues of significant public interest, particularly in the realms of data privacy and corporate transparency. The use of credible sources and expert opinions enhances the story's reliability, though the absence of official comments from Oracle and reliance on an anonymous employee introduce some limitations. The article is well-structured and readable, making complex cybersecurity issues accessible to a general audience. While the story presents a predominantly critical view of Oracle, it could benefit from more balanced perspectives to provide a fuller picture. Overall, the article is a strong piece of reporting with the potential to influence public opinion and spark meaningful discussion about corporate responsibility in data security.

Accuracy

The story provides a detailed account of two separate data breaches involving Oracle and Oracle Health. It accurately reports that Oracle Health's breach affects patient data and that Oracle Cloud's breach involves claims of exposed customer data. However, the article lacks specific details on the exact nature of the data stolen in both breaches and the full scope of affected organizations. The timeline and the hacker's extortion attempts are consistent with the reported facts. Yet, Oracle's denial of the cloud breach, despite evidence from external cybersecurity experts and customers, introduces a potential discrepancy. The story's accuracy is supported by citations from credible sources like Bloomberg and Bleeping Computer, but the lack of Oracle's official comment leaves some claims needing further verification.

Balance

The article presents a predominantly critical view of Oracle's handling of the breaches, highlighting the company's lack of transparency and communication. It includes perspectives from cybersecurity experts and an anonymous Oracle employee, which adds depth to the criticism. However, the article does not provide Oracle's perspective beyond their denial of the cloud breach, which could present an imbalance. Including more viewpoints from Oracle or independent cybersecurity analysts who might defend or contextualize Oracle's actions would offer a more balanced perspective.

Clarity

The article is well-structured, with a clear distinction between the two breaches. It uses straightforward language to explain complex cybersecurity issues, making it accessible to a general audience. The logical flow from the Oracle Health breach to the Oracle Cloud breach helps maintain clarity. However, the inclusion of more detailed explanations regarding the technical aspects of the breaches and the implications for affected customers could improve understanding for readers less familiar with cybersecurity.

Source quality

The article references reputable sources such as Bloomberg and Bleeping Computer, known for their credible reporting in technology and cybersecurity. The inclusion of statements from cybersecurity experts like Kevin Beaumont and Lisa Forte further enhances the credibility of the claims made. However, the reliance on an anonymous Oracle employee and the absence of Oracle's official comment could affect the perceived reliability of the narrative. Overall, the source quality is strong but could benefit from more direct statements from Oracle.

Transparency

The article is transparent about its sources and the information it presents, clearly attributing claims to specific publications and experts. It openly discusses the lack of response from Oracle, which adds to the transparency of the reporting. However, the article could improve by providing more context on how the information was obtained, particularly regarding the anonymous Oracle employee's statements. Transparency about the potential limitations or biases of the sources would further enhance the reader's understanding.