Who was behind the Envoy Air cyber attack?

The Cl0p ransomware gang was behind the attack. They exploited a zero-day vulnerability in Oracle's enterprise software to compromise dozens of organizations worldwide, including Envoy Air. The group listed American Airlines on its data leak site and began publicly releasing what they claim to be stolen data.

What type of data was compromised in the Envoy Air breach?

Envoy Air stated that no sensitive customer data or passenger information was affected by the breach. However, the investigation revealed that a limited amount of business information and commercial contact details may have been compromised during the attack.

Was customer or passenger data affected in the Envoy Air breach?

Envoy Air claimed that no sensitive customer data or passenger information was affected by the breach. The compromised data was limited to business information and commercial contact details.

How many people were affected by the Envoy Air data breach?

The number of affected individuals has not been disclosed by Envoy Air.

What vulnerability was exploited in the Envoy Air attack?

The attackers exploited a zero-day vulnerability in Oracle E-Business Suite application. This same vulnerability was used by the Cl0p ransomware gang to compromise dozens of organizations worldwide as part of a broader campaign.

What is the relationship between Envoy Air and American Airlines?

Envoy Air is a regional airline carrier subsidiary of American Airlines. Following the breach, the Cl0p ransomware gang listed American Airlines on its data leak site.

Incident

American Airlines subsidiary Envoy Air reports data breach through Oracle Zero-Day attack

published: Oct. 18, 2025

Learn More

Envoy Air, a regional airline carrier subsidiary of American Airlines, is reporting that attackers stole data from its Oracle E-Business Suite application in a cyber attack.

The breach is part of a broader campaign by the Cl0p ransomware gang, which exploited a zero-day vulnerability in Oracle's enterprise software to compromise dozens of organizations worldwide. Envoy Air, reported the incident after the Clop group listed American Airlines on its data leak site and began publicly releasing what they claim to be stolen data.

Envoy claimed that no sensitive customer data or passenger information was affected by the breach, but the investigation revealed that a limited amount of business information and commercial contact details may have been compromised during the attack.

The number of the affected individuals is not disclosed.

American Airlines subsidiary Envoy Air reports data breach through Oracle Zero-Day attack

Read More
45,000 NYC students affected by MOVEit caused vulnerability …
Union Bank & Trust reports data breach due …
Hackers breach Advance Auto Parts through Snowflake
Twilio confirms data breach exposing over 11k calls
Adidas Korea customer info exposed through third-party breach