Allianz UK Added To Growing List Of Alleged Clop Oracle E-Business Suite Breach Victims

In a development that underscores the persistent threat of zero-day exploits in enterprise software, Allianz UK has confirmed its entanglement in the Clop ransomware syndicate’s ongoing campaign targeting Oracle’s E-Business Suite (EBS).

The insurance powerhouse’s British operations, under the LV= General Insurance brand, disclosed that cybercriminals breached their systems, compromising customer data.

This revelation comes amid a wave of attacks that have ensnared numerous organizations since mid-2025.

The breach, which Clop initially misattributed to Liverpool Victoria (LV), a subsidiary under Allianz’s umbrella, actually struck Allianz UK’s personal lines division.

This segment handles everyday insurance products, such as home, auto, pet, and travel policies.

According to a company spokesperson, the intrusion affected 80 current customers and 670 former ones, with all impacted individuals notified and provided support services.

Notably, LV’s pension systems and customers remained untouched, isolating the damage to specific EBS-integrated operations.

Allianz UK acted swiftly by self-reporting the incident to the UK’s Information Commissioner’s Office (ICO).

However, the regulator has yet to publicly confirm the notification. The firm declined to elaborate on any extortion demands from Clop.

Still, it emphasized that this event stands apart from a separate July 2025 data exposure at its U.S. subsidiary, Allianz Life, where over 1.4 million customers’ information was stolen.

At the heart of Clop’s assault lies CVE-2025-61882, a critical vulnerability (CVSS score: 9.8) in Oracle EBS that enables remote code execution without authentication.

Security researchers at Google Threat Intelligence first highlighted the flaw in early October 2025, estimating that attacks may have commenced as far back as July, three months before widespread detection.

John Hultquist, Google’s chief analyst, warned that “dozens” of entities likely suffered breaches, drawing parallels to Clop’s infamous 2023 supply-chain rampage via Progress Software’s MOVEit Transfer tool.

That campaign alone victimized nearly 3,000 organizations and exposed data on over 95 million people.

Allianz UK now joins a roster of high-profile casualties. The Washington Post verified a linked incursion last week.

At the same time, Envoy Air, a subsidiary of American Airlines, disclosed a significant data breach in October.

Other victims span industries, from media to aviation, illustrating EBS’s ubiquity in legacy enterprise environments.

This episode highlights the perils of delayed patching in outdated systems. Oracle issued fixes for CVE-2025-61882 in its quarterly updates.

However, many firms are lagging in deployment, leaving the door ajar for opportunistic gangs like Clop.

As Hultquist noted, such large-scale zero-day operations are “becoming a regular feature of cybercrime,” urging organizations to prioritize vulnerability management and multi-factor safeguards.

For insurers like Allianz, the fallout extends beyond data remediation to eroding customer trust amid escalating digital risks.

Varshini
