Oracle has notified some customers that their data in its public cloud has been stolen. Last week, the company denied there was a problem.
Oracle has quietly emailed some of its customers to report that their data was stolen from a public cloud leak. The leak is said to concern a server with eight-year-old data.
Some of those customers told the tech site The Register that the company is using security firm CrowdStrike to assist the customers with this.
The admission is remarkable because Oracle denied a data breach in early April. The Register had noted that an attacker had claimed access to Oracle Cloud customers’ login systems and stolen six million documents in March.
Experts also found the sample documents that the attacker had posted online to be credible. According to Oracle, however, nothing was wrong at the time.
The fact that Oracle is now taking steps to remedy the data breach and assist customers is a good sign, but these steps come a bit late. The European Union, among others, requires companies (via the GDPR) to report data breaches of personal information within 24 hours.
If Oracle was made aware of a possible leak and denied it for days, the company may be in violation.
Be First to Comment