Envoy Air, a regional airline subsidiary of American Airlines, disclosed a breach in its Oracle E-Business Suite system. The incident was linked to the Clop ransomware gang, which listed American Airlines on its data leak site, suggesting the compromise involved extortion threats. While the exact scope of the breach remains undisclosed, the involvement of Clop, a notorious ransomware group known for data exfiltration and extortion, implies potential exposure of sensitive corporate or employee data. The attack targeted a critical enterprise system (Oracle E-Business Suite), which typically manages financial, HR, and operational data, raising concerns about financial fraud, reputational damage, or regulatory penalties. Envoy Air has not confirmed whether customer data was affected, but the association with Clop increases the likelihood of internal data leaks or operational disruptions. The breach underscores vulnerabilities in third-party enterprise software and the escalating risks posed by ransomware-as-a-service (RaaS) groups like Clop.
TPRM report: https://www.rankiteo.com/company/envoyair
"id": "env1432914102025",
"linkid": "envoyair",
"type": "Ransomware",
"date": "10/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'aviation',
                        'name': 'Envoy Air',
                        'type': 'subsidiary'},
                       {'industry': 'aviation',
                        'name': 'American Airlines',
                        'type': 'parent company'}],
 'data_breach': {'data_exfiltration': True},
 'description': 'Envoy Air, a subsidiary of American Airlines, has disclosed '
                'that its Oracle E-Business Suite was compromised. This '
                'follows the appearance of American Airlines on the data leak '
                'site operated by the Clop ransomware gang.',
 'impact': {'data_compromised': True,
            'systems_affected': ['Oracle E-Business Suite']},
 'motivation': 'extortion',
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': ['Clop']},
 'threat_actor': ['Clop ransomware gang'],
 'title': 'Envoy Air Oracle System Breach Following Clop Extortion Claims',
 'type': ['data breach', 'ransomware']}