Envoy Air Reports Oracle System Breach Following Clop Extortion Claims

Envoy Air, a subsidiary of American Airlines, has disclosed that its Oracle E-Business Suite was compromised. This revelation follows the appearance of American Airlines on the data leak site operated by the Clop ransomware gang.

 

Envoy Air, which flies regional routes under the American Eagle brand, is a subsidiary of American Airlines that operates independently but is closely connected to American’s systems for ticketing, scheduling, and passenger services.

 

Recently, Envoy Air revealed that it suffered a significant data security incident involving its Oracle E-Business Suite application. The airline company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected platform and notified relevant law enforcement authorities about the same.

 

“Upon learning of the matter, we immediately began an investigation and law enforcement was contacted. We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised,” a Envoy Air spokesperson told BleepingComputer.

 

 

The Clop ransomware group claimed responsibility for the cyber attack on the airline and listed it as a victim on its data leak site. This recent security incident is believed to be linked to an August data theft campaign by the Clop extortion group, which started sending extortion demands in September to companies, claiming they stole data from Oracle E-Business Suite systems, potentially affecting passenger information.

 

Since last week, the Clop group has also targeted Harvard University in this data theft campaign, with the university confirming that a limited number of individuals in a small administrative unit were affected.