NCH Corporation, a significant player in the industrial solutions sector, has recently issued a notification highlighting a cybersecurity incident that has affected some of its employees and their dependents.
"NCH understands the importance of protecting information regarding our employees and their dependents," said a spokesperson from NCH. This statement underscores their commitment to safeguarding confidential data amidst growing cybersecurity threats.
"NCH understands the importance of protecting information regarding our employees and their dependents,"
The breach stems from a vulnerability in Oracle’s E-Business Suite, a software solution commonly utilized across many organizations. An unrecognized security flaw was exploited by an unknown actor, leading to unauthorized access to sensitive information from numerous organizations, including NCH.
Upon becoming aware of this security breach, NCH immediately instituted its response procedures and secured its deployment of Oracle EBS. In addition, they enlisted the help of third-party cybersecurity experts to investigate the situation while simultaneously alerting law enforcement to support the ongoing investigation. "We launched an investigation with the support of third-party cybersecurity professionals," the NCH spokesperson confirmed.
"We launched an investigation with the support of third-party cybersecurity professionals,"
By the Numbers
By the Numbers
By the Numbers
The preliminary evidence suggested that the data breach occurred in mid-August when files were accessed from the NCH Oracle EBS application. Following a comprehensive review of the compromised files that took place on November 25, 2025, the company found that personal information related to its employee group health plan was exposed. Specifically, this included names, dates of birth, Social Security numbers, and benefits elections of some health plan participants. However, the company clarified, "This incident did not involve all current and former NCH employees or their dependents, but only those whose information was included in the files involved."
On December 5, 2025, NCH began mailing notification letters to those affected individuals whose information was compromised and for whom they had reliable contact details. To proactively address any concerns stemming from the incident, the company set up a dedicated toll-free call center aimed at assisting individuals with inquiries related to the cybersecurity breach. "Individuals with questions can call 888-360-9934, Monday through Friday, between 9:00 a.m. and 9:00 p.m. Eastern Time," they advised.
As part of their response, NCH is also providing affected individuals with complimentary credit monitoring and identity theft protection services through IDX. The notification letters further remind recipients about the importance of remaining vigilant against fraud or identity theft, encouraging them to regularly review their account statements and free credit reports for unauthorized transactions.
Looking Ahead
Looking Ahead
In efforts to mitigate similar risks in the future, NCH has implemented a patch provided by Oracle to address the identified vulnerability in Oracle EBS, alongside additional security measures to enhance the robustness of their systems. "To help prevent something like this from happening again, we applied the patch that Oracle developed for Oracle EBS after the vulnerability was discovered and took other measures to secure our Oracle EBS instance," stated the spokesperson.
"To help prevent something like this from happening again, we applied the patch that Oracle developed for Oracle EBS after the vulnerability was discovered and took other measures to secure our Oracle EBS instance,"
By the Numbers
For those with lingering questions or concerns regarding this security incident, NCH has provided multiple contact options. They can be reached at their headquarters or through their toll-free numbers. "If you have any questions, concerns, or require further information about this security incident, please contact our team," read their statement.
"If you have any questions, concerns, or require further information about this security incident, please contact our team,"
NCH Corporation continues to operate in 48 countries worldwide, serving customers with a diverse range of products and solutions. With the current focus on enhancing cybersecurity practices, the organization aims to bolster its data protection efforts while supporting affected individuals in navigating the aftermath of this security incident. As businesses increasingly confront the challenges presented by cyber threats, NCH's proactive measures reflect an essential commitment to protecting their employees and customer information.
