On August 15, 2024, cybersecurity researchers at AppOmni warned consumers of a potential issue they discovered in the Oracle NetSuite SuiteCommerce platform that could allow hackers to access sensitive customer data. More specifically, the researchers found that thousands of businesses using Oracle NetSuite's SuiteCommerce platform are at risk of leaking sensitive customer information due to a misconfiguration. The cause is not a flaw in NetSuite itself but a common mistake in how the businesses using it set up access controls.
If you receive a data breach notification from any company referencing a misconfiguration issue in Oracle’s NetSuite SuiteCommerce platform, it is essential that you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the data breach. For more information, please see our recent piece on the topic here.
Can Companies Using the NetSuite SuiteCommerce Platform Prevent a Data Breach?
Yes. While the misconfiguration in Oracle’s NetSuite SuiteCommerce platform opens the door to possible data breaches, organizations with a savvy IT department can prevent one. To fix the problem, businesses need to tighten security over the affected records. This can be done by changing the settings so that only authorized users can access the data, or by carefully reviewing and locking down specific fields that shouldn't be publicly accessible. In some cases, it might even be wise to temporarily take the affected sites offline until these issues are resolved.
Liability in the Event of a Possible Oracle Data Breach
In the event of a data breach caused by a misconfiguration error in Oracle NetSuite, both Oracle and the business using NetSuite could potentially be held liable, depending on the specifics of the case.
It is possible that Oracle could be found liable if it is determined that the platform's design or its default settings contributed to the ease of misconfiguration, especially if these defaults were not adequately communicated to users. If Oracle failed to provide clear guidelines, warnings, or updates that could have prevented the misconfiguration, it might bear some responsibility for the resulting data breach.
The business using NetSuite would also be potentially liable, particularly if the misconfiguration resulted from inadequate attention to security settings. Businesses are generally responsible for how they configure and manage their software environments, especially when handling sensitive customer data. If the breach is linked to negligence in securing their NetSuite implementation, the business could face legal action for failing to protect customer information.
What Is NetSuite?
NetSuite by Oracle is a comprehensive cloud-based software platform designed to help businesses manage a wide range of operations. It's known as an Enterprise Resource Planning (“ERP”) system, which means it integrates various business processes into a single system to streamline operations and provide real-time data across the entire organization. Because it’s cloud-based, NetSuite can be accessed from anywhere with an internet connection, providing flexibility for businesses of all sizes. It’s widely used by companies ranging from small businesses to large enterprises across various industries.