Maritz Holdings Data Breach Exposes Social Security Numbers

On Nov. 13, 2025, the global management consulting firm, Maritz Holdings Inc., discovered a data breach involving its Oracle E-Business Suite (EBS) platform. The breach occurred between Aug. 10 and Aug. 13, 2025, when an unauthorized third party exploited a previously unknown (zero-day) vulnerability in Oracle EBS. This vulnerability had not yet been publicly disclosed or patched at the time of the incident, leaving many organizations worldwide exposed.

The attackers, identified as the CL0P ransomware group, gained access to Maritz’s Oracle EBS environment, which the company primarily uses for finance-related activities such as invoicing, receiving payments, and issuing payments through accounts payable. During the brief window of unauthorized access, the attackers exfiltrated files containing sensitive personal information.

The types of consumer information exposed in this breach include names, Social Security numbers, addresses, and financial information including account number, credit/ debit card numbers.

State disclosures confirm that 320 Texas residents, eleven New Hampshire residents, previously three, and four Maine residents were impacted. The company notified affected individuals by written letter on Feb. 27, 2026. Maritz also disclosed the breach to the California Attorney General and the Vermont Attorney General.

The CL0P ransomware group claimed responsibility for the attack and posted about the breach on the dark web on Nov. 13, 2025.

Maritz Holdings' response

Maritz is offering a complimentary 24-month membership to Experian IdentityWorks credit monitoring and identity protection services. This service includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Affected individuals can enroll in this program at no cost and without impacting their credit scores.

Maritz has provided a dedicated toll-free hotline (833-918-3973) for questions and support related to the breach.