An electronic hacking group is threatening executives in major institutions and companies with leaking their companies’ data after breaching the Oracle E-Business system; a core platform for managing key company operations including financial management, supply chain management, and customer relations.

According to Halcyon, a cybersecurity company currently handling the incident, the group demanded a ransom of up to 50 million dollars. The hacking group, claiming affiliation with a criminal group called “C10P”, provided evidence of the breach; including screenshots and lists of stolen files from the targeted companies.

Bloomberg News quoted Cynthia Kayser, Vice President of Ransomware Research at Halcyon, saying, “We have observed that the C10P group recently demanded huge ransom sums reaching millions of dollars… This group is known for stealthily and extensively stealing data, giving it significant bargaining power in ransom negotiations.”

According to Genevieve Stark, Head of Cybercrime Fighting at Google’s Information Security Group, the group began sending ransom demand emails on or before September 29, 2025.

Stark explained that these emails were sent from hundreds of hacked email accounts, claiming data theft.

According to a source familiar with the campaign, who requested anonymity due to confidentiality, the ransom emails contain spelling and grammatical errors, a distinctive feature of this group. The targets of these emails or whether any victims have paid ransom have not been disclosed.

The Head of Cybercrime Fighting at Google’s Information Security Group pointed out that one of the email addresses used in these messages was previously used by a member of the “C10P” group, and the messages contain contact information listed on the “C10P” website. She added that there is, so far, sufficient evidence to verify the authenticity of the ransom demands in the extortion emails.