Oracle EBS data breach compromised close to 6,000 Informa employees

Informa Exhibitions said the data of close to 6,000 current and former employees was accessed by hackers who hacked the Oracle eBusiness Suite software in 2025.

 

Informa Exhibitions U.S. Construction and Real Estate, Inc., a subsidiary of the British B2B publishing and events group Informa PLC, recently announced in a regulatory filing that the information of thousands of its current and former employees was impacted in a cyber attack that exploited a critical vulnerability in the Oracle eBusiness Suite application in 2025.

 

The Clop ransomware group reportedly exploited a zero-day vulnerability in Oracle EBS, assigned CVE-2025-61882, that allowed the threat group to send specially crafted HTTP requests to the affected component resulting in full system compromise. The vulnerability affected organisations using Oracle E-Business Suite versions 12.2.3 to 12.2.14.

 

Informa Exhibitions, which organises trade shows, conferences and exhibitions in the United States, said the data breach occurred between August 11 and August 18, 2025, and involved hackers exploiting the Oracle application to gain access to an Informa Oracle system.

 

The company said that in November 2025, it identified the data breach incident and determined that the hackers had exfiltrated employee records from its system, including historical employment-related information. It immediately engaged third party forensic experts to secure the system and launched an investigation to determine the full scope of the incident.

 

Informa Exhibitions notified the office of the Attorney General of Maine that the compromised data included the information that current and former employees had shared with the company as part of their employment, including their names and Social Security numbers. The company added that the security incident impacted 5,959 individuals.

 

Informa’s disclosure comes not long after New York-based Madison Square Garden Entertainment Corp. said the data of more than 131,000 customers was accessed by hackers who hacked the Oracle eBusiness Suite in 2025.

 

According to analysis by UpGuard, the incident involved the Clop ransomware group accessing data stored in the Oracle application between August 10, 2025, and October 21, 2025 and stealing names, social security numbers and other information. Oracle discovered the incident on December 16, 2025. 

 

The exploitation of the critical vulnerability by the Clop group also affected major organisations like Oracle Corporation, Broadcom, Canon, Michelin, Mazda Motor, Estee Lauder Companies, Humana Inc., MAS Holdings, Abbott Laboratories, Bechtel, Enovis Corporation, Elkay Manufacturing, the University of Phoenix, Tulane University, and Greater Cleveland Regional Transit Authority.

 

The cyber security incident also affected the likes of GlobalLogic (Hitachi Group), Cox Enterprises, The Washington Post, Allianz UK, Sato Corporation, Envoy Air, and NHS England.