Allianz UK Confirms Oracle EBS Hack, Criminals Got Wrong Target


According to TheRegister.com, Allianz UK has confirmed it was hit by the Clop gang’s Oracle E-Business Suite attack, with 80 current customers and 670 former customers affected. The criminals initially claimed they attacked Allianz-owned British insurer Liverpool Victoria on Tuesday, but Allianz says LV’s systems and customers were completely untouched. The breach happened through Oracle EBS used in Allianz UK’s personal lines business covering home, car, pet, and travel insurance. Google researchers believe “dozens” of organizations were likely affected by CVE-2025-61882 exploits that may have started as early as July. Allianz reported itself to the Information Commissioner’s Office but wouldn’t comment on whether it paid extortion demands.


The Oracle EBS Problem Isn’t Going Away

Here’s the thing about these Oracle EBS attacks – they keep happening to major companies, and we’re only hearing about the ones who come forward. Washington Post, American Airlines’ Envoy Air, now Allianz UK. Google’s threat intelligence group said back in October that they believed dozens of organizations were affected, and that attacks might have been running since July. Three months of undetected access? That’s terrifying.

And let’s talk about that misattribution. The criminals thought they hit Liverpool Victoria but actually got the parent company. Makes you wonder how much these threat actors actually know about the corporate structures they’re attacking. They’re just spraying and praying with these exploits.

Clop’s Repeat Performance

This is basically Clop doing what Clop does best – finding vulnerable enterprise software and exploiting it at scale. Remember the MOVEit attacks? That one affected 95 million people across nearly 3,000 organizations. Now they’re hitting Oracle EBS with the same playbook.

What’s concerning is that these aren’t sophisticated, targeted attacks. They’re finding zero-days in widely used business software and hitting everyone who hasn’t patched. When you’re dealing with critical systems that power insurance, manufacturing, or transportation – sectors where industrial panel PCs and enterprise software are essential – these vulnerabilities become everyone’s problem.

The Corporate Communications Game

Allianz UK says they’ve contacted all affected customers and offered support. But they’re not talking about extortion payments. And they’re emphasizing this is separate from that Allianz Life breach in July that affected 1.4 million customers. So we’ve got multiple breaches across the same corporate family in the same year?

I have to ask – when do we stop treating these as isolated incidents and start looking at systemic security issues? These are massive, well-resourced companies that should have robust security programs. Yet they keep getting hit by the same threat actors using similar methods. Something’s not working in the cybersecurity approach here.

The pattern is becoming too familiar: breach happens, company confirms minimal impact, offers support, emphasizes it’s contained. Meanwhile, the criminals move on to the next vulnerable system. When does this cycle actually break?
