Cyber attack on Oracle Platform Results in Massive Cox Enterprises Data Leak

Cox Enterprises reported that in September, cyber criminals exploited a zero-day vulnerability in Oracle E-Business Suite, compromising the personal information of nearly 10,000 individuals.

 

Cox Enterprises, headquartered in Atlanta, Georgia, is a global conglomerate with core operations in communications and automotive services. Its major brands include Cox Communications, Cox Automotive, and Autotrader.

 

In a data security incident notice filed with the Office of Maine Attorney General, Cox said that on September 29, it became aware of a security incident involving a previously undiscovered vulnerability in its Oracle E-Business Suite, which exposed sensitive personal information belonging to individuals associated with the company.

 

Oracle E-Business Suite is a popular enterprise resource planning (ERP) system that large organisations use to manage key internal functions such as human resources, finance, and supply chain operations.

 

The organisation immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. The investigation revealed that threat actors took “advantage of a previously unknown security flaw (called a “zero-day” vulnerability) in Oracle’s E-Business Suite between Aug. 9-14, 2025.

 

“Unfortunately, this issue affected many companies that use Oracle’s systems, including Cox.”

 

The compromised data included names and other personal identifiers including Social Security numbers. The filing with the Maine state regulator’s office also states that Cox has identified at least 9,479 individuals affected by the incident.

 

“Once we learned of this activity, we promptly launched an investigation and applied Oracle’s security fix as soon as it became available. We are constantly evaluating and monitoring our security practices and those of the third-party vendors we work with to minimise the risk of any similar incident in the future,” Cox said.

 

The company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.