Parexel International yesterday confirmed it notified at least 6,620 people of an August 2025 data breach that compromised the following personal info:
- Names
- Financial account numbers
- Payment card numbers without CVV
- Social Security numbers
- National ID number provided to Parexel in connection with employment
Parexel cited a zero-day vulnerability in Oracle’s E-Business Suite as the attack vector. The same vulnerability has been blamed for dozens of breaches in recent months.
“On October 4, 2025, we detected suspicious activity impacting a portion of our Oracle OCI E-Business Suite (“Oracle EBS”) environment hosted by Oracle and immediately engaged third-party cybersecurity experts to investigate,” says Parexel’s notice to victims.
“Our investigation has confirmed the activity stemmed from a zero-day exploit impacting Oracle’s cloud infrastructure that was announced by Oracle on October 5, 2025.”
Parexel is offering eligible victims 24 months of free identity theft protection through IDX. The deadline to enroll is March 17, 2026.
What is the Oracle E-Business Suite zero-day vulnerability?
Many large enterprises use Oracle’s E-Business Suite to manage finances and human resources. In October, Oracle disclosed a zero-day vulnerability in the software that led to several data breaches. A zero-day vulnerability is a security flaw in software that hackers can exploit before a fix is available from the developer.
Comparitech researchers have logged 20 confirmed breaches related to the vulnerability, compromising 193,600 records. Some of these breaches hit high-profile targets like Harvard University and the Washington Post.
Other recently-confirmed breaches stemming from the Oracle zero-day vulnerability include:
- NCH Corporation notified at least 1,842 people of an August 2025 data breach
- University of Phoenix disclosed a data breach in December
- Garden of Life notified 2,285 people of an August 2025 data breach
- LKQ Corporation notified 6,620 people of an August 2025 data breach
A ransomware group called Clop (“Cl0p”) took credit for most of these breaches. The group targets zero-day vulnerabilities like those found in Oracle’s E-Business Suite and the Cleo file transfer software. However, Parexel is not listed on Clop’s data leak site at time of writing.
We expect more organizations to disclose such breaches in the coming months. Clop has claimed responsibility for more than 100 attacks that haven’t been publicly acknowledged by the targeted organizations.
Ransomware attacks on US healthcare businesses
Comparitech researchers recorded 20 confirmed ransomware attacks on healthcare businesses that don’t provide direct care, such as medical software and pharmaceutical companies. Those attacks compromised 5.8 million records, most of which came from a January 2025 data breach at Episource.
Last week, Fieldtex confirmed it notified 274,000 people of an August 2025 data breach claimed by Akira.
Earlier this month, Precipio disclosed a data breach claimed by Inc Ransomware.
Ransomware attacks on manufacturers can lock down computer systems and steal data. Successful infections can disrupt billing, communications, orders, shipments, and in some cases manufacturing equipment and processes. The attackers demand a ransom to restore infected systems and delete stolen data. Businesses that refuse to pay up face extended downtime, permanent data loss, unauthorized data disclosure, and putting data subjects at increased risk of fraud.
About Parexel
Parexel is a clinical research organization and pharmaceutical manufacturer based in Raleigh, North Carolina. It employs more than 24,000 people, according to its website.
