Oracle confirmed to customers a breach involving the theft of old client credentials from a legacy system last used in 2017. Despite Oracle's claim that the data isn't sensitive, it appears the attacker accessed more current data and sold it online. Investigations are ongoing with the FBI and CrowdStrike. Additional data breaches at Oracle Health impacted U.S. healthcare organizations, with extortion threats against hospitals for acquired patient data. Oracle has consistently denied any breach in its current cloud services, focusing instead on older, legacy platforms.
https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/

