Software developer GlobalLogic over the weekend confirmed it notified 10,471 people of a July 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers and other tax identifiers
- Bank account info and routing numbers
- Salary info
- Internal GlobalLogic employee numbers
- Passport info
- Countries of birth
- Nationalities
- Dates of birth
- Email addresses
- Phone numbers
- Postal addresses
- Emergency contact names and phone numbers
GlobalLogic said hackers exploited a zero-day vulnerability in the Oracle E-Business suite, which the company uses to manage finances and human resources.
Ransomware gang Clop (“Cl0p”) recently claimed responsibility for a spate of data breaches that exploited the same vulnerability, though Clop hasn’t listed GlobalLogic on its data leak site at time of writing.
GlobalLogic has not disclosed the identity of the attacker. We do not know if GlobalLogic paid a ransom or how much the attacker demanded. Comparitech contacted GlobalLogic for comment and will update this article if it replies.
“Oracle issued a security advisory on October 4, 2025 about a previously unknown zero-day exploit,” says GlobalLogic’s notice to victims. “As soon as we learned of the vulnerability, GlobalLogic immediately investigated and determined that it had been exploited within our instance of Oracle.”
GlobalLogic says attackers breached its systems as early as July 10, 2025, but it didn’t identify the unauthorized access and data theft until October 9, 2025.
GlobalLogic is offering eligible victims 24 months of free credit monitoring through Transunion. The deadline to enroll is 90 days from receipt of the notice letter.
Who is Cl0p?
Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. It specializes in exploiting zero-day software vulnerabilities, most recently in Oracle’s E-Business Suite and the Cleo file transfer software. Cl0p targets any organization using the vulnerable software. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, Clop steals data and then demands a ransom to not publish or sell it.
Cl0p says it hacked 354 organizations in 2025 alone. Eight of those organizations confirmed data breaches so far, and we expect more in the coming weeks.
The zero-day vulnerability in Oracle’s E-Business Suite was cited as the cause of several recent breaches claimed by Cl0p, including those at:
- Harvard University
- Wits University
- Envoy Air Inc
- Ansell Limited
At the end of last week, Cl0p claimed it hacked several large businesses including Logitech, International Motors, MKS Inc, Trimble, and Kirby Corporation. Those claims have not been confirmed by the targeted companies.
Ransomware attacks on US tech
Comparitech researchers have logged 23 confirmed ransomware attacks on US tech companies in 2025 to date, compromising the personal data of 818,100 people. We recorded more attacks but fewer victims in 2024, which saw 19 attacks compromise 2.3 million people.
Other such recently confirmed attacks include:
- AttainX reported an April 2025 data breach claimed by Play Ransomware
- Business Integra Technology Solutions notified 240 people of an August 2025 data breach claimed by Akira
- Digital WarRoom reported a May 2025 data breach claimed by SafePay
- Terillium reported a July 2025 data breach claimed by Play
Ransomware attacks on tech companies can steal data and lock down computer systems. In Clop’s case, it might just be the former. Data extortion forces businesses to pay a ransom for the ransomware gang to delete the stolen data. If the company doesn’t pay, then the ransomware group sells or publicly releases the data.
About GlobalLogic
GlobalLogic is a software design and development services company headquartered in San Jose, California. Japanese corporation Hitachi acquired the company for $9.6 billion in 2021. It employs more than 20,000 people in 14 countries, serving more than 400 clients in the automotive, healthcare, and finance industries.
