Envoy Air Confirms Data Breach Linked to Oracle E-Business Suite Exploit by CL0P Hackers

Envoy Air, the largest regional carrier for American Airlines, has confirmed a cybersecurity breach tied to a recent wave of attacks exploiting vulnerabilities in Oracle E-Business Suite applications. The Irving, Texas-based airline, which operates more than 160 aircraft on 875 daily flights, disclosed the incident following claims by the cybercriminal group “CL0P.”

According to a company spokesperson, Envoy Air is actively investigating the breach and has notified law enforcement. The spokesperson emphasized that a detailed review revealed no sensitive or customer data was compromised, though a limited amount of business information and commercial contact details may have been accessed.

Envoy Air is the second organization to confirm being targeted in the ongoing CL0P campaign, which has already affected several high-profile entities. The hackers reportedly exploited Oracle software vulnerabilities to gain unauthorized access to corporate systems. CL0P, known for its large-scale extortion operations against software providers, listed American Airlines on its data leak website late Thursday, though the exact timing of the breach remains unclear.

American Airlines referred all inquiries to Envoy Air regarding the incident. Meanwhile, cybersecurity experts warn that this attack is part of a broader campaign impacting major institutions. Google’s security division recently reported on October 9 that “mass amounts of customer data” were stolen in similar operations that may have been active for at least three months. Additionally, Harvard University confirmed a related cyberattack earlier this week, suggesting the scope of the campaign may be expanding.

Envoy Air stated it is taking proactive measures to secure its systems and strengthen defenses against future attacks. The company reiterated that customer safety and data protection remain top priorities as investigations continue.