Key Takeaways
- Envoy Air, a subsidiary of American Airlines, has confirmed that it recently suffered a data breach.
- The company was targeted by CIop, a hacker group that has been targeting Oracle E-Business Suite (EBS) customers.
- The cybersecurity landscape is in crisis, with the recent Jaguar Land Rover data breach indicating that logistics businesses are equally vulnerable to their business counterparts.
Envoy Air, a subsidiary of American Airlines, has suffered a wide-ranging cyberattack. The group confirmed that it fell victim to a recent cybercrime campaign targeting organizations that use Oracle’s E-Business Suite (EBS) management solution.
Last week, American Airlines was listed on a Tor-based leak website belonging to the so-called CIop ransomware group. American Airlines data totaling 26GB was made public on the website, leading Envoy to admit that “a limited amount of business information and commercial contact details may have been compromised.”
High-profile data breaches continue to wreak havoc across the business sector in 2025. Recently, a massive security breach at F5 led the Cybersecurity and Infrastructure (CISA) to issue an emergency directive, illuminating the scale of a problem which threatens to spiral out of control.
American Airlines Subsidiary Hit With Cyberattack
Envoy Air has confirmed that it recently suffered a data breach. The company, which is one of the largest subsidiaries of American Airlines, carries out more than 800 flights per day to more than 160 destinations under the American Eagle brand.
Reportedly, the company fell victim to a wide-ranging cybercrime campaign targeting the Oracle EBS management solution. This was allegedly carried out by the CIop ransomware group, which has links to the cybercrime group known as FIN11.
In a statement to media, Envoy confirmed that it been targeted as part of the campaign, with a spokesperson saying that “a limited amount of business information and commercial contact details may have been compromised.”
Hacker Group Targets Oracle Customers
The Envoy Air breach forms part of a wider plot conducted by ransomware group, CIop. The perpetrators have been targeting Oracle EBS users through a zero-day vulnerability, which has so far affected American Airlines, Harvard University, the University of Witwatersrand in South Africa, and industrial giant, Emerson.
The South African university confirmed via a statement that it was working to determine which data had been compromised. While the hacker group has confirmed that it stole data from Emerson, no such information has been made public yet.
In recent years, the group has gained notoriety for launching similar attacks on file transfer services including Cleo, MOVEit, and Fortra. Reportedly, CIop victims receive extortion emails not long after the initial breach is identified.
Business World in Cybersecurity Crisis
In 2025, the business sector is facing an unprecedented problem: data breaches. Not only are costly cyberattacks becoming more frequent, but firms are not adequately prepared to deal with the rising threat level. If this problem continues unabated, the consequences will be severe.
In order to counteract the threat, businesses have an obligation to increase their cybersecurity budgets, investing money into the latest tech and talent. Alongside this, companies should also look to upskill their existing employees and make sure they’re properly vetting their vendors, as data breaches involving third parties are also on the rise.
And as the recent Jaguar Land Rover cyberattack illustrates, the logistics industry is no different. In order to prevent supply chains from grinding to a halt when cyber disaster strikes, logistics businesses should make sure that cybersecurity is top of their agenda as we head towards the new year.
