Canon Confirms Subsidiary Breach in the Cl0p Oracle EBS Hack Campaign
Published on November 25, 2025
Key Takeaways
- Incident confirmation: Canon has confirmed that a subsidiary of Canon U.S.A., Inc., was impacted by the campaign exploiting the Oracle E-Business Suite vulnerability.
- Limited impact: The incident allegedly affected only a web server, and security measures have been implemented to restore service.
- Broader campaign: The attack is linked to the Cl0p ransomware group, which has named over 100 organizations as victims of the EBS exploit.
Imaging giant Canon has confirmed one of its subsidiaries was a target in the recent, large-scale hacking campaign exploiting a vulnerability in Oracle's E-Business Suite (EBS). The confirmation places Canon among a growing list of major corporations impacted by this sophisticated cyberattack.
Details of the Breach and Response
In a statement, the company clarified that the incident was limited in scope, affecting only a single web server at a subsidiary of Canon U.S.A., Inc. “We have confirmed that the incident only affected the web server, and we have already taken security measures and resumed service,” Canon said in the statement.
According to Canon, its investigation determined that the data breach was contained and has since implemented necessary security measures and restored the affected service. An investigation is ongoing to ensure no further impact exists across its network.
While the Cl0p ransomware group has been publicly taking credit for the campaign and leaking data from some victims, no Canon data had been leaked at the time of the announcement.
The Widespread Oracle EBS Vulnerability Exploit
The attack on Canon's subsidiary is part of a much broader campaign orchestrated by Cl0p, which is often associated with TA505 and FIN11, according to Tenable and reports from Mandiant, groups that have deployed the Cl0p ransomware and conducted extortion attacks leveraging various zero-days.
The attackers are exploiting a zero-day Oracle EBS vulnerability to compromise enterprise systems worldwide. More than 100 organizations across sectors like manufacturing, IT, and healthcare have been named as alleged victims on Cl0p's website.
Reports say other major companies, including Mazda and Cox Enterprises, have also confirmed they have been impacted by the EBS exploit.
Among the victims listed on Friday are:
- Broadcom,
- The Estée Lauder Companies,
- Michelin,
- Macy's,
- Madison Square Garden,
- Fruit of the Loom,
- Humana,
- Bechtel Corporation,
- The University of Phoenix.
Other targets announced previously include the Swiss tech giant Logitech, the Washington Post, American Airlines, and Harvard University.
In the past months, high-profile companies have been impacted by Salesforce data breaches, including Google, Cisco, Air France-KLM Group, Qantas Airlines, Chanel, Adidas, Louis Vuitton, Dior, and Tiffany & Co.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular