SecureFact – Cyber Security News – Week of March 31, 2025

1.     Retail giant Sam’s Club investigates Clop ransomware breach claims

  • Sam’s Club is currently investigating claims of a potential Clop ransomware breach.
  • The ransomware group has added Sam’s Club to its dark web leak site but has not yet provided proof of the breach.
  • Sam’s Club has acknowledged the reports and stated that they are taking the matter seriously, emphasizing the importance of protecting the privacy and security of their members’ information.
  • This isn’t the first security incident for Sam’s Club, as they had a credential stuffing attack in 2020.
  • Clop has been linked to previous data theft campaigns.

*Source

2.     Oracle Health breach compromises patient data at US hospitals

  • A data breach at Oracle Health, formerly Cerner, has compromised patient data at multiple US hospitals.
  • The breach, which Oracle Health became aware of on February 20, 2025, involved unauthorized access to legacy Cerner data migration servers via compromised customer credentials. Patient information from electronic health records was stolen.
  • Oracle Health is leaving it to the impacted hospitals to determine whether the stolen data violates HIPAA laws and whether they are required to send notifications; it is offering assistance in identifying impacted individuals and providing notification templates.
  • The lack of transparency and formal acknowledgement from Oracle, including the use of plain paper communications and directing customers to phone communication only, has frustrated those affected.

*Source

3.     York County: Mailing, tax services company reports data breach

  • Parcel Plus, a business in Hanover, York County, Pennsylvania, has disclosed a data breach resulting from a spear phishing attack linked to foreign actors.
  • The breach affected federal tax returns, with at least 21 clients having their direct deposit information altered to redirect refunds to other accounts.
  • The company is working with the IRS to resolve the issue and has assured that all affected individuals will receive their refunds, albeit with some delays and additional paperwork.
  • The FBI is investigating the incident. Parcel Plus has asked affected customers to stay in close contact for updates and assistance.

*Source

4.     StreamElements discloses third-party data breach after hacker leaks data

  • StreamElements, a cloud-based streaming tool platform, has confirmed a data breach originating from a third-party service provider they stopped working with last year.
  • A threat actor leaked samples of stolen data, claiming to have obtained data from 210,000 StreamElements customers, including full names, addresses, phone numbers, and email addresses.
  • While StreamElements assures that their servers were not breached, they are investigating the incident and reaching out to affected customers.
  • A journalist verified the authenticity of the leaked data.
  • The hacker claims to have stolen data from 2020-2024 by compromising an internal account via malware. StreamElements has warned users about phishing attacks exploiting the breach and is currently investigating the incident.

*Source

5.     Oracle has reportedly suffered 2 separate breaches exposing thousands of customers’ PII

  • Oracle is facing allegations of a significant data breach involving its Cloud federated Single Sign-On (SSO) login servers, with a hacker named “rose87168” claiming to have stolen six million records.
  • The leaked data reportedly includes encrypted SSO passwords, LDAP information, Java KeyStore files, and sensitive authentication data from over 140,000 Oracle Cloud tenants.
  • The hacker demonstrated access by uploading a file to Oracle’s servers and is selling the data on hacking forums, offering decryption assistance for the stolen credentials.
  • While Oracle has denied the breach, insisting no customer data was compromised, cybersecurity firms and affected organizations have verified the authenticity of some leaked samples.
  • Evidence suggests the breach may involve exploitation of a known vulnerability (CVE-2021-35587) in Oracle’s systems that was potentially left unpatched. Security experts warn of risks like espionage and downstream supply chain attacks due to exposed credentials. Investigations are ongoing, with Oracle maintaining its denial despite mounting evidence from security researchers and customers.

*Source