Cox Enterprises Reveals Security Breach Impacting Oracle E-Business Suite

Cox Enterprises Data Breach: What Happened and How to Protect Yourself

In a recent incident, Cox Enterprises fell victim to a data breach that exposed sensitive personal information of individuals to hackers. The breach was facilitated by cybercriminals exploiting a zero-day vulnerability in Oracle E-Business Suite, a platform utilized by the company for its back-office operations.

The breach occurred in August, but Cox Enterprises only detected it in late September, prompting an internal investigation into the matter.

According to a statement released by the company, the suspicious activity involving Oracle’s E-Business Suite was brought to their attention on September 29, 2025. It was later revealed that the cybercriminals exploited a previously unknown security flaw within the platform between August 9 and 14, 2025.

Cox Enterprises, a prominent American conglomerate with interests in media, telecommunications, and automotive services, employs 55,000 individuals and generates an annual revenue of $23 billion. The company’s operations extend internationally, making the breach a matter of significant concern.

The Attackers and Their Tactics

Although Cox Enterprises did not disclose the identity of the attackers, the Cl0p ransomware group claimed responsibility for exploiting the zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite. This incident occurred before Oracle released a patch on October 5.

The Cl0p group is notorious for targeting popular software products used by numerous organizations. Its past zero-day exploitation campaigns include breaches involving software platforms such as Cleo, MOVEit Transfer, SolarWinds Serv-U FTP, and Accellion FTA.

Notably, other companies like Logitech, Washington Post, GlobalLogic, Envoy Air, and Harvard University have also reported breaches linked to Oracle E-Business Suite, highlighting the widespread impact of such attacks.

Protecting Impacted Individuals

Following the breach, Cox Enterprises notified 9,479 affected individuals and offered them instructions on enrolling in identity theft protection and credit monitoring services through IDX at no cost for a period of 12 months. This proactive measure aims to mitigate the potential risks associated with the exposure of personal data.

While the company did not specify the exact nature of the exposed data in the notification shared with authorities, it remains crucial for impacted individuals to take necessary precautions to safeguard their information.

Latest Developments and Recommendations

Recently, the Cl0p group added Cox Enterprises to their data leak website on the dark web, where stolen information was published. Additionally, the group listed 29 new companies as victims, emphasizing the ongoing threat posed by such cybercriminal activities.

As the cybersecurity landscape continues to evolve, organizations and individuals must prioritize security measures and stay vigilant against potential threats. It is essential to stay informed about the latest cybersecurity best practices and implement necessary safeguards to prevent future breaches.

Update 11/22/25: This article has been revised to correct an error regarding the exploitation of a 2021 API vulnerability by attackers.
