While Oracle co-founder, executive chairman, and CTO Larry Ellison is busy trying to position his company as just the right provider of future centralized surveillance systems powered by AI and containing massive amounts of sensitive information – Oracle’s existing solutions are suffering embarrassing data breaches.
Two reported recent incidents affecting Oracle Cloud, and Oracle Health – a subsidiary providing software for the healthcare industry – revealed not only technical shortcomings but also the giant’s puzzling lack of transparency, which reports say extremely frustrated those affected.
In fact, Oracle continued to deny that the first breach happened at all – even as customers were starting to confirm it.
A hacker calling themselves “rose87168” earlier in March offered data belonging to six million Oracle Cloud customers, only for Oracle to tell Bleeping Computer, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
The company attempting to “wordsmith statements” is how cybersecurity expert Kevin Beaumont reacted to this.
“Oracle is attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility. This is not okay,” Beaumont wrote in a blog post, noting that the platform that has highly likely been affected is managed by Oracle.
A threat actor named “Andrew” is behind the second incident, which has left a number of healthcare organizations and hospitals in the US exposed to attempts to extort millions in cryptocurrency from them, in exchange for not leaking or selling the stolen patient data.
Once again, when the news about the privacy nightmare broke, Oracle started to look like something of a nightmare itself for its customers, refusing to formally admit there was a breach, and then going to considerable lengths to try and disassociate itself from the event.
This includes communicating with affected organizations without using the company’s letterhead, and even, according to reports, instructing them to communicate with the Oracle Health security officer only by phone and not email.
Oracle did not respond to TechCrunch’s request for comment when asked about the two incidents.
Merely a month prior, Larry Ellison was presenting his case for allowing Oracle to be the one to centralize pretty much all the data available in the US, including DNA.
Another of his distinctly dystopian ideas is to keep citizens on their “best behavior” via a constant AI-powered surveillance system.
