GlobalLogic Data Breach: What You Need to Know

A recent data breach at GlobalLogic, a digital engineering services provider, has affected over 10,000 current and former employees. The breach, which involved the exploitation of an Oracle E-Business Suite vulnerability, has raised concerns about data security.

GlobalLogic, headquartered in Santa Clara, California, was established in 2000 and has since grown to operate in 59 product engineering centers globally. The company offers software and product development services to various clients.

In a statement to the office of Maine’s Attorney General, GlobalLogic revealed that personal information of 10,471 employees was compromised in the breach. The attackers gained unauthorized access to Oracle systems, leading to the theft of sensitive data.

GlobalLogic’s investigation revealed that the breach occurred between July and August 2025. The stolen data includes personal information such as names, addresses, phone numbers, and emergency contact details of employees.

Additionally, the attackers accessed email addresses, dates of birth, nationalities, passport information, salary details, and bank account information of the affected individuals. This breach has raised concerns about the security of Oracle EBS systems.

Clop’s Involvement in Data Theft

While GlobalLogic has not attributed the breach to a specific threat group, it aligns with a recent extortion campaign by the Clop ransomware gang. The gang exploited a zero-day vulnerability in Oracle EBS systems to steal data from multiple companies.

Google Threat Intelligence Group has indicated that several organizations, including Harvard University and The Washington Post, were targeted by Clop. The gang has been adding compromised data to its Tor leak site, making it available for download.

GlobalLogic’s response to the breach and its negotiations with Clop remain undisclosed. The company’s data security measures and communication with the threat group are under scrutiny as the investigation unfolds.

Clop has been linked to other data theft campaigns targeting various organizations worldwide. The U.S. State Department has offered a substantial reward for information linking Clop’s attacks to foreign governments, highlighting the severity of the situation.

As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are prioritizing safety measures. Download our free cheat sheet with 7 best practices for enhanced security.

Download Now