Oracle Hit with Lawsuit Over Alleged Cloud Breach Affecting Millions
The state of Texas is now at the center of a legal firestorm after a class action lawsuit was filed against Oracle Corporation over a massive cloud data breach. The complaint, lodged on March 31, 2025, in the U.S. District Court for the Western District of Texas, accuses Oracle of failing to safeguard sensitive information and of withholding timely notification from affected individuals.
The breach in question was first reported by Hackread.com on March 22, 2025. A hacker using the alias “rose87168” claimed on Breach Forums to have gained access to Oracle’s cloud infrastructure back in January 2025. According to the hacker, the compromised data included encrypted SSO passwords, Java KeyStore (JKS) files, enterprise manager JPS keys, and user credentials linked to Oracle Cloud’s SSO and LDAP systems. The stolen dataset was said to include information tied to around 6 million users.
Oracle has publicly denied the breach, refusing to elaborate further. However, CloudSEK, a cybersecurity firm, conducted its own investigation and claimed to have found “conclusive evidence” of a breach. On March 31, 2025, the hacker released additional proof on Breach Forums, including internal LDAP records and partial credentials from Oracle’s cloud environment.
A forum administrator reportedly verified the data’s authenticity, although Hackread.com stated it could not independently confirm the breach in full until Oracle provides transparency.
Oracle Lawsuit
The class action lawsuit was filed on March 31, 2025, by plaintiff Michael Toikach, a Florida resident, who claims his private information was stored within Oracle’s systems through a healthcare provider that used Oracle’s software. The complaint argues that Oracle failed to meet industry-standard security practices and accuses the company of negligence, breach of fiduciary duty, unjust enrichment, and breach of third-party beneficiary contracts.
Toikach claims he has had to spend considerable time monitoring his financial and medical accounts since the news broke. The lawsuit further states that Oracle failed to comply with Texas state law, which requires organizations to notify affected individuals within 60 days of confirming a breach. Oracle has not made any such notification as of the date of filing.
What raises the stakes is the nature of the compromised data. The complaint highlights that the leak involved not only personally identifiable information (PII) but also sensitive health data. It cites multiple sources, including Bloomberg and HIPAA Journal, which reported that Oracle had quietly begun alerting some healthcare clients about a patient data breach. The hacker’s posts threatened to release the full list of affected companies, offering to exclude specific organizations if they paid to have their employee records removed.
The complaint outlines a long list of alleged failures by Oracle, including the lack of proper encryption, poor network monitoring, and failure to detect or respond to the breach on time. It also points to Oracle’s own public privacy policies, which state that the company would report any breach without undue delay, something the lawsuit claims has not happened.

With demands for compensatory damages, credit monitoring services, and reforms to Oracle’s data security infrastructure, the class action is shaping up to be one of the most significant legal challenges Oracle has faced in years. The case is also likely to renew debate over the accountability of cloud service providers and how they handle the sensitive data of clients and their end users.
Oracle has yet to file a response in court.