Allianz UK has become the latest major organization to fall victim to cybercriminals exploiting a critical Oracle E-Business Suite vulnerability.
The attackers gained access through the company’s EBS system, which manages personal lines business, including home, car, pet, and travel insurance products.
The UK subsidiary of the insurance giant confirmed the breach but declined to comment on potential extortion demands from the Clop criminal group.
Allianz UK did report the incident to the Information Commissioner’s Office, though the regulator has not publicly acknowledged the claim.
The company emphasized that this attack remains separate from a previous breach affecting Allianz Life, its American subsidiary.
That incident compromised data belonging to 1.4 million customers in July. The distinction underscores the widespread nature of the vulnerability affecting multiple enterprise systems across different regions.
Allianz UK now joins an expanding roster of victims, including the Washington Post, which confirmed a related attack earlier this week.
American Airlines’ subsidiary Envoy Air also disclosed its compromise last month, demonstrating Clop’s sustained targeting of major corporations through the same EBS exploit.
Security researchers at Google estimate that “dozens” of organizations have been affected by attacks exploiting CVE-2025-61882, which carries a critical 9.8 CVSS score.
Investigations suggest the exploitation campaign began as early as July, three months before any public detection, providing attackers with a significant head start.
“Large-scale zero-day campaigns like this are becoming a regular feature of cybercrime,” warned John Hultquist, chief analyst at Google Threat Intelligence Group.
Historical Clop campaigns have impacted hundreds of victims, though exact numbers remain unclear.
The group previously gained notoriety through the 2023 MOVEit MFT supply chain attack, which compromised over 95 million individuals and approximately 3,000 organizations.
The current Oracle EBS campaign demonstrates Clop’s continued sophistication and access to critical vulnerabilities targeting enterprise infrastructure.
| CVE ID | CVSS Score | Affected Product | Status | Attack Vector |
|---|---|---|---|---|
| CVE-2025-61882 | 9.8 | Oracle E-Business Suite (EBS) | Actively Exploited | Remote Code Execution |
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
%20(1).webp?resize=1068,580&ssl=1&description=The attackers gained access through the company's EBS system, which manages personal lines business, including home, car, pet, and travel insurance products.){kind=link}