Oracle Cloud and Oracle Health experience cyber incidents, sensitive data accessed
Oracle Cloud experienced multiple cyber incidents, reported on April 22, 2025, affecting legacy environments on "Oracle Cloud Classic" and Oracle Health servers. Hackers gained access to significant volumes of data. Oracle also notified customers of a breach at Oracle Health (formerly Cerner), impacting multiple U.S. healthcare organizations and hospitals. The threat actor is demanding millions of dollars in cryptocurrency not to leak or sell the stolen data.
Signal context
First seen: Apr 22, 2025
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Multiple cyber incidents reported on April 22, 2025.
- Affected Oracle Cloud Classic and Oracle Health legacy environments.
- Hackers gained access to significant volumes of data.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
Watch process controls, misconfiguration and accidental disclosure paths.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: Server or cloud data store
- 6 signals in the same sector
- 90 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
April 2025 Cybersecurity News Recap - SWK Technologieshttps://www.swktech.com/april-2025-cybersecurity-news-recap/Public source from swktech.com.
April 2025 Data Breaches: 4 Million SSNs Leaked, 23M+ in Settlements | Pomeriumhttps://www.pomerium.com/blog/april-2025-data-breachesPublic source from pomerium.com.
Related signals
Grouped by why the signal is relevant.
Oracle PeopleSoft Zero-Day Exploited by ShinyHunters, Advisory Published
Oracle published a security advisory on June 10, 2026, for CVE-2026-35273, a critical remote code execution flaw in PeopleSoft Enterprise PeopleTools. This vulnerability was actively exploited as a zero-day by the ShinyHunters cybercrime group in a campaign that ran from May 27 to June 9, 2026. The attacks compromised over 100 organizations, primarily colleges and universities, leading to data theft.
Peter Thiel's Dialog Society Data Leak Exposes Senior US Officials
A data exposure at Dialog, a private events group co-founded by Peter Thiel, unmasked personal information and login tokens for US and allied national security figures. The incident, which Dialog internally classified as a cyberattack but evidence suggests was a website misconfiguration, exposed private details of 222 registrants for its 2026 retreat, including names, private contact details, active login tokens, and internal ratings.
Huntsville Hospital Health System Notifies Patients of Data Exposure from Cerner Breach
Huntsville Hospital Health System informed patients on June 26, 2026, about a data exposure stemming from a 2025 breach on Cerner's (now Oracle Health) legacy systems. The breach, which occurred on January 22, 2025, exposed personal and medical information. Cerner had notified its healthcare clients, including Huntsville Hospital, on August 12, 2025, but patient notification was delayed at the request of law enforcement.
Vienna Airport Targeted in APT73/Bashe Ransomware Attack
The ransomware group APT73/Bashe claimed responsibility for a cyberattack against Vienna Airport (Flughafen Wien AG) on June 23, 2026, threatening to leak sensitive data. The airport acknowledged a limited leakage of old cargo-related files from one email inbox but denied a broader system compromise.
Meta Suspends Internal AI Program After Employee Data Leak
Meta suspended its internal AI program, 'Model Capability Initiative' (MCI), after a data leak exposed sensitive employee information. The program, designed to train AI models, recorded mouse movements, clicks, keystrokes, and took screenshots of employee activity. Problems with data storage were reported in May, leading to the suspension and an ongoing investigation. The incident was publicly reported on June 23, 2026.
Whise.eu (European Real Estate CRM) Data Leak by ChimeraZ
The threat actor ChimeraZ claimed to have leaked a database from Whise, a Belgian CRM system for the real estate sector, on the dark web on June 23, 2026. The leaked data reportedly consists of 40.85 million records, approximately 15.8 GB of JSON files. Whise is a market leader in Belgium and also active in France.