In Regulatory Wrap for the week to April 11, 2025:
In this week’s Regulatory Wrap, we examine the second breach to Oracle Cloud’s system in two months, which raises questions about the security of public cloud providers.
Regulatory Wrap Episode 58: Oracle Cloud breach calls for a cybersecurity wake-up call
In Regulatory Wrap for the week to April 11, Ryan Sheridan discusses the alleged Oracle Cloud data breach that affected over 140,000 customers.
Highlights:
1. The Financial Industry Regulatory Authority (FINRA) advised firms to “be aware of an alleged large scale data breach possibly affecting Oracle Cloud’s services”
2. A threat actor gained access to personally identifiable information on Oracle’s system and advertised nearly 6 million data records for sale
3. While Oracle denied the breach publicly, news sources reported that the company contacted clients privately
4. The hacker gained access to Oracle’s system by exploiting gaps in its legacy platforms, signifying that large cloud providers may rely on systems that could increase the chances of cybersecurity incidents
5. It’s important for firms to confirm that enlisted third-party vendors have strong security credentials and a thorough understanding of how their technology stacks have evolved
This week’s episode is brought to you by our Senior Manager, Regulatory Intelligence Strategy & Market Intelligence, Ryan Sheridan.
The size of public cloud providers doesn’t always guarantee security – it’s important that firms weigh the resilience of third-party systems to ensure comprehensive governance standards. Unlike a patchwork of providers, an end-to-end compliance solution minimizes potential breach risks.
