Oracle Cloud massive hack - DSTA, OCBC in leaked list
MINDEF, OCBC announced a partnership with Oracle Cloud in March 2025. Days later, Oracle allegedly suffered the biggest hack of 2025 - 6M records for sale

Oracle announced last week (Mar 21) that it secured a significant contract with Singapore's Defence Science and Technology Agency (DSTA) to provide an **Oracle Cloud services for the Ministry of Defence (MINDEF) and Singapore Armed Forces (SAF). The Digital and Intelligence Service will also partner with Oracle to accelerate AI deployment for military missions.
In the same month, OCBC announced a partnership with Oracle to shift its finance operations to the cloud.
Just a day earlier (Mar 20), a user with the moniker "rose87168" posted on a hacking forum purportedly selling 6 million records extracted from Oracle Cloud's servers. The data included sensitive information such as encrypted credentials for authentication and other private keys of approximately 140K tenants.
It was the dubbed the biggest supply chain hack of 2025. The hacker claimed that the breach occurred 40 days ago in late February.

Hacker demanded ransom from Oracle in February 2025
A month before the hack, the hacker contacted Oracle with a demand for more than 200 million dollars in crypto coins.
Oracle refused to comply.
The hacker is currently coercing affected companies and organizations to pay for data removal, increasing financial and reputational risks.
Oracle initially denied the breach but investigations show leak is real
"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer shortly after news organizations reported on the hack.
On Tuesday (Mar 25), the hacker shared a 10,000-line sample to further substantiate their claims. The sample alone contains data from 1,500+ unique organisations, indicating a significant breach.
The dataset includes a substantial number of personal email addresses, likely due to organisations allowing SSO-based authentication for their users and customers.

DSTA, OCBC among organisations listed in the data leak
Fathership has identified dsta.gov.sg and ocbc.com as being listed in the data leak. Even if the entity do not use Oracle as the primary cloud, if someone tried Oracle at some point, even as a trial use, the domain might be present in the list shared by the hacker.
The authenticity of the hack is debated. Some analysts question the hacker’s inability to decrypt the data, suggesting it might be outdated (e.g., from 2022 backups) or exaggerated.
As of now, it’s unresolved, with Oracle standing by its denial and the cybersecurity community urging affected organizations to rotate credentials, monitor systems, and engage Oracle for clarification.