Oracle Hit with Lawsuit Over Alleged Cloud Breach Affecting Millions (2025)

The state of Texas is now at the center of a legal firestorm after a class action lawsuit was filed against Oracle Corporation over a massive cloud data breach. The complaint, lodged on March 31, 2025, in the U.S. District Court for the Western District of Texas, accuses Oracle of failing to safeguard sensitive information and withholding timely notification to affected individuals.

The breach in question was first reported by Hackread.com on March 22, 2025. A hacker using the alias “rose87168” claimed on Breach Forums to have gained access to Oracle’s cloud infrastructure back in January 2025. According to the hacker, the compromised data included encrypted SSO passwords, Java KeyStore (JKS) files, enterprise manager JPS keys, and user credentials linked to Oracle Cloud’s SSO and LDAP systems. The stolen dataset was said to include information tied to around 6 million users.

Oracle has publicly denied the breach, refusing to elaborate further. However, CloudSEK, a cybersecurity firm, conducted its own investigation and claimed to have found “conclusive evidence” of a breach. On March 31, 2025, the hacker released additional proof on Breach Forums, including internal LDAP records and partial credentials from Oracle’s cloud environment.

A forum administrator reportedly verified the data’s authenticity, although Hackread.com stated it could not independently confirm the breach in full until Oracle provides transparency. However, TechMundo reported that it analyzed the data and found it to be legitimate.

Oracle Lawsuit

The class action lawsuit was filed on March 31, 2025, by plaintiff Michael Toikach, a Florida resident, who claims his private information was stored within Oracle’s systems through a healthcare provider that used Oracle’s software. The complaint argues that Oracle failed to meet industry-standard security practices and accuses the company of negligence, breach of fiduciary duty, unjust enrichment, and breach of third-party beneficiary contracts.

Toikach claims he has had to spend considerable time monitoring his financial and medical accounts since the news broke. The lawsuit further states that Oracle failed to comply with Texas state law, which requires organizations to notify affected individuals within 60 days of confirming a breach. Oracle has not made any such notification as of the date of filing.

What raises the stakes is the nature of the compromised data. The complaint highlights that the leak involved not only personally identifiable information (PII) but also sensitive health data. It cites multiple sources, including Bloomberg and HIPAA Journal, which reported that Oracle had begun alerting some healthcare clients, but quietly, about a patient data breach. The hacker’s posts threatened to release the full list of affected companies, offering to exclude specific organizations if they paid to have their employee records removed.

The complaint outlines a long list of alleged failures by Oracle, including the lack of proper encryption, poor network monitoring, and failure to detect or respond to the breach on time. It also points to Oracle’s own public privacy policies, which state that the company would report any breach without undue delay, something the lawsuit claims has not happened.

With demands for compensatory damages, credit monitoring services, and reforms to Oracle’s data security infrastructure, the class action is shaping up to be one of the most significant legal challenges Oracle has faced in years. The case is also likely to renew debate over the accountability of cloud service providers and how they handle the sensitive data of clients and their end users.

Oracle has yet to file a response in court.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings…

Author: Jerrold Considine