Envoy Air, a wholly owned subsidiary of American Airlines, has confirmed it fell victim to a hacking campaign exploiting vulnerabilities in Oracle’s E-Business Suite (EBS).
The breach, first highlighted by the notorious Clop ransomware group, underscores the growing risks facing enterprise software in the aviation sector.
Clop, known for high-profile extortion schemes like the MOVEit Transfer attacks, claimed responsibility last week, listing American Airlines among over 60 organizations hit through unpatched flaws in Oracle EBS.
The group, which operates out of Russia-linked networks, has demanded ransoms in cryptocurrency, threatening to leak stolen data on its dark web site if unpaid.
While Clop didn’t specify the exact vulnerabilities, security researchers point to known issues in Oracle’s WebLogic Server and EBS modules, such as CVE-2023-21931, which allow remote code execution if not properly secured.
Envoy’s admission came swiftly after the claims surfaced, aiming to reassure stakeholders amid rising concerns over aviation data security.
Envoy Compromised
“We are aware of the incident involving Envoy’s Oracle E-Business Suite application,” an Envoy spokesperson told Cybersecurity News. “Upon learning of the matter, we immediately began an investigation and law enforcement was contacted.”
“We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised.”
The spokesperson emphasized that passenger records, flight operations, and personally identifiable information remained untouched, mitigating immediate risks to travelers.
However, the exposure of internal business data could still pose challenges, including potential phishing vectors or competitive intelligence leaks for the regional carrier, which operates over 150 aircraft and serves millions of passengers annually under the American Airlines banner.
Experts warn that this incident highlights systemic vulnerabilities in legacy enterprise systems. Oracle EBS, widely used for HR, finance, and supply chain management, has faced criticism for slow patching cycles.
Cybersecurity firm Mandiant noted in a recent report that Clop’s tactics often target third-party software to amplify reach, affecting not just direct victims but entire ecosystems.
As investigations continue with federal authorities, including the FBI’s cyber division, Envoy stated it has implemented enhanced monitoring and updated its Oracle systems. American Airlines, while not directly named in data leaks, has bolstered its subsidiary’s defenses in response.
This breach arrives amid a wave of aviation cyberattacks, from ransomware hitting airports to state-sponsored espionage. Industry leaders are urging faster adoption of zero-trust architectures to safeguard critical infrastructure.
For now, Envoy passengers can fly with relative peace of mind, but the event serves as a stark reminder: in cybersecurity, one weak link can ground an entire operation.
The post American Airlines Subsidiary Envoy Compromised in Oracle Hacking Campaign appeared first on Cyber Security News.