Michelin Confirms Data Breach in Cl0p’s Oracle EBS Cyberattack Campaign
Tire manufacturer Michelin has confirmed a data breach linked to the ongoing cybercrime campaign targeting organizations using Oracle’s E-Business Suite (EBS). The Cl0p ransomware and extortion group, believed to be operated by the FIN11 threat actor cluster, exploited zero-day vulnerabilities in Oracle EBS to access sensitive data from over 100 organizations, including Michelin.
Michelin acknowledged the incident, stating that while its systems were protected by robust security measures, attackers leveraged an Oracle EBS zero-day flaw to infiltrate its network. The company reported that only a "small, localized volume of data" was compromised, with no sensitive or technical IT information affected. No ransomware was deployed, and global operations remained unaffected.
Despite Michelin’s assurance that the breach was contained, Cl0p published over 315GB of allegedly stolen files on its leak site. Metadata analysis suggests the data originated from an Oracle EBS environment. Michelin emphasized its swift response, confirming that corrective actions were taken and the vulnerability has since been patched.
This attack follows similar breaches at Madison Square Garden, auto parts supplier LKQ, the University of Phoenix, and Korean Air, all tied to the same Oracle EBS campaign. The incidents highlight the growing threat posed by sophisticated extortion groups exploiting enterprise software vulnerabilities.
Source: https://www.securityweek.com/michelin-confirms-data-breach-linked-to-oracle-ebs-attack/
Madison Industries cybersecurity rating report: https://www.rankiteo.com/company/madison-industries
Michelin cybersecurity rating report: https://www.rankiteo.com/company/michelin
Korean Air cybersecurity rating report: https://www.rankiteo.com/company/korean-air
Oracle cybersecurity rating report: https://www.rankiteo.com/company/oracle
"id": "MADMICKORORA1773232260",
"linkid": "madison-industries, michelin, korean-air, oracle",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Tire Manufacturing',
'name': 'Michelin',
'type': 'Corporation'}],
'attack_vector': 'Exploitation of zero-day vulnerability in Oracle EBS',
'data_breach': {'data_exfiltration': 'Yes (315GB published on leak site)',
'sensitivity_of_data': 'Non-sensitive, non-technical IT data',
'type_of_data_compromised': 'Files (unspecified)'},
'description': 'Tire manufacturer Michelin confirmed a data breach linked to '
'the ongoing cybercrime campaign targeting organizations using '
'Oracle’s E-Business Suite (EBS). The Cl0p ransomware and '
'extortion group exploited zero-day vulnerabilities in Oracle '
'EBS to access sensitive data from over 100 organizations, '
'including Michelin. Cl0p published over 315GB of allegedly '
'stolen files on its leak site, with metadata suggesting the '
'data originated from an Oracle EBS environment.',
'impact': {'data_compromised': '315GB of files',
'operational_impact': 'None (global operations unaffected)',
'systems_affected': 'Oracle EBS environment'},
'initial_access_broker': {'entry_point': 'Oracle EBS zero-day vulnerability'},
'motivation': 'Extortion',
'post_incident_analysis': {'corrective_actions': 'Vulnerability patched, '
'containment measures '
'implemented',
'root_causes': 'Exploitation of Oracle EBS '
'zero-day vulnerability'},
'ransomware': {'data_encryption': 'No', 'data_exfiltration': 'Yes'},
'references': [{'source': 'Michelin Public Statement'}],
'response': {'communication_strategy': 'Public disclosure and assurance of '
'containment',
'containment_measures': 'Corrective actions taken, vulnerability '
'patched',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Vulnerability patched'},
'threat_actor': 'Cl0p (FIN11)',
'title': 'Michelin Data Breach in Cl0p’s Oracle EBS Cyberattack Campaign',
'type': 'Data Breach',
'vulnerability_exploited': 'Oracle EBS zero-day flaw'}