Recently, NCH announced that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice shared on its website, NCH became aware that an unauthorized actor leveraged a previously unknown vulnerability in Oracle’s E-Business Suite (“Oracle EBS”), which NCH uses to manage operations, to take information from numerous organizations’ Oracle EBS applications.1 As a result, NCH launched an investigation to determine the nature of the incident.
Through its investigation, NCH confirmed that sensitive personal information in its Oracle EBS application may have been accessed and acquired by an unauthorized third party in mid-August. As a result, NCH began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
Date of birth
Benefits election information
As a result of the breach, NCH posted notice of the breach on its website. Additionally, on December 5, 2025, NCH began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Maine residents, NCH is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months of complimentary credit monitoring services. A link to the website br
Source: https://straussborrelli.com/2025/12/08/nch-corporation-data-breach-investigation/
NCH Corporation cybersecurity rating report: https://www.rankiteo.com/company/nch
"id": "NCH1765246615",
"linkid": "nch",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Numerous '
'individuals',
'industry': 'Healthcare',
'location': None,
'name': 'NCH',
'size': None,
'type': 'Organization'}],
'attack_vector': 'Exploitation of unknown vulnerability',
'customer_advisories': '12 months of complimentary credit '
'monitoring services provided to affected '
'individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security '
'number',
'Date of birth',
'Benefits election '
'information']},
'date_detected': '2025-08-15',
'date_publicly_disclosed': '2025-12-05',
'description': 'NCH experienced a data breach where sensitive '
'personal identifiable information may have been '
'compromised due to an unauthorized actor '
'exploiting a previously unknown vulnerability in '
'Oracle’s E-Business Suite (Oracle EBS). The '
'breach affected numerous organizations using '
'Oracle EBS, and NCH confirmed that personal data '
'was accessed and acquired by an unauthorized '
'third party in mid-August.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personal identifiable '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Oracle E-Business Suite'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Oracle E-Business '
'Suite vulnerability',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Exploitation of '
'unknown vulnerability '
'in Oracle E-Business '
'Suite'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'NCH Breach Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Posted notice on website '
'and mailed data breach '
'notification letters',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized third party',
'title': 'NCH Data Breach via Oracle E-Business Suite '
'Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'Previously unknown vulnerability in '
'Oracle E-Business Suite'}}