Allianz UK joins growing list of Clop’s Oracle E-Business Suite victims
Allianz UK confirms it was one of the many companies that fell victim to the Clop gang’s Oracle E-Business Suite (EBS) attack after crims reported that they had attacked a subsidiary.
The criminal crew behind the wave of zero-day data raids claimed to have attacked Allianz-owned British insurer Liverpool Victoria (LV) on Tuesday, but a spokesperson for its parent company waved away these allegations.
Allianz UK, which trades as LV= General Insurance, told The Register that the attack compromised the data of its customers, and there was no impact on LV pension customers or systems at all.
It confirmed 80 current Allianz UK customers and 670 previous customers were affected, all of whom had been contacted and offered support.
The attackers broke in via the company’s Oracle EBS, which is used in its personal lines business, covering products such as home, car, pet, travel, and other types of personal insurance.
Allianz UK refused to comment on whether it was extorted by the criminals working for Clop, but said that it reported itself to the Information Commissioner’s Office, although the watchdog did not respond to our efforts to verify this claim.
The insurance giant also confirmed that the attack was entirely separate from an earlier breach at Allianz Life, one of its US subsidiaries, the majority of whose 1.4 million customers had their data compromised in July.
It joins a long list of organizations to have been hit by Clop using the same EBS exploit, among which was the Washington Post, which confirmed a related attack on Thursday.
American Airlines’ subsidiary, Envoy Air, also confirmed it was among the bigger victims of Clop’s EBS raids last month.
Researchers at Google offered their view on the situation in early October, positing that “dozens” of organizations were likely affected, and that attacks exploiting CVE-2025-61882 (CVSS 9.8) could have begun as early as July, three months before any detections were made public.
“We’re still assessing the scope of this incident, but we believe it affected dozens of organizations,” John Hultquist, chief analyst at Google Threat Intelligence Group, told The Register at the time.
“Some historic Clop data extortion campaigns have had hundreds of victims. Unfortunately, large-scale zero-day campaigns like this are becoming a regular feature of cybercrime.”
Clop made a name for itself off the back of the supply chain attack on Progress’ MOVEit MFT software – another zero-day attack in 2023 that has affected more than 95 million individuals and nearly 3,000 organizations to date. ®
