Maritz Holdings Inc. Suffers Data Breach via Oracle E-Business Suite Vulnerability
Maritz Holdings Inc., a Missouri-based management consulting firm with $1.4 billion in revenue and 4,250 employees, disclosed a data breach stemming from an exploited vulnerability in Oracle E-Business Suite (EBS). The incident occurred between August 10–13, 2025, before Oracle publicly acknowledged the flaw.
The CL0P ransomware group claimed responsibility for the attack, posting details on the dark web. Maritz detected the breach on November 13, 2025, after launching an investigation with cybersecurity experts and notifying law enforcement. The probe confirmed that unauthorized access led to the exposure of sensitive data, including names, Social Security numbers, and financial account information.
Affected individuals including current and former Maritz employees and clients were notified in writing on February 27, 2026. While the total number of impacted U.S. victims remains undisclosed, state-specific figures include four in Maine, 85 in Massachusetts, and three in New Hampshire.
The breach highlights risks tied to third-party software vulnerabilities, particularly in widely used enterprise systems like Oracle EBS. Legal investigations are underway for potential compensation claims.
Source: https://www.claimdepot.com/investigations/maritz-data-breach-2026
Maritz cybersecurity rating report: https://www.rankiteo.com/company/maritz
Oracle cybersecurity rating report: https://www.rankiteo.com/company/oracle
"id": "MARORA1772484170",
"linkid": "maritz, oracle",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former employees '
'and clients',
'industry': 'Consulting',
'location': 'Missouri, USA',
'name': 'Maritz Holdings Inc.',
'size': '4,250 employees, $1.4 billion revenue',
'type': 'Management Consulting Firm'}],
'attack_vector': 'Exploited vulnerability in Oracle E-Business Suite',
'customer_advisories': 'Written notifications sent to affected individuals on '
'February 27, 2026',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Financial account information']},
'date_detected': '2025-11-13',
'date_publicly_disclosed': '2026-02-27',
'description': 'Maritz Holdings Inc., a Missouri-based management consulting '
'firm, disclosed a data breach stemming from an exploited '
'vulnerability in Oracle E-Business Suite (EBS). The CL0P '
'ransomware group claimed responsibility for the attack, '
'leading to the exposure of sensitive data, including names, '
'Social Security numbers, and financial account information.',
'impact': {'data_compromised': 'Sensitive data, including names, Social '
'Security numbers, and financial account '
'information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation claims',
'payment_information_risk': 'High',
'systems_affected': 'Oracle E-Business Suite (EBS)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights risks tied to third-party software '
'vulnerabilities, particularly in widely used enterprise '
'systems like Oracle EBS',
'post_incident_analysis': {'root_causes': 'Exploited vulnerability in Oracle '
'E-Business Suite (EBS)'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'CL0P'},
'references': [{'source': 'Dark web post by CL0P ransomware group'}],
'regulatory_compliance': {'legal_actions': 'Legal investigations underway for '
'potential compensation claims'},
'response': {'communication_strategy': 'Written notifications to affected '
'individuals',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'CL0P ransomware group',
'title': 'Maritz Holdings Inc. Suffers Data Breach via Oracle E-Business '
'Suite Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'Oracle E-Business Suite (EBS) vulnerability'}