Oman is experiencing a rise in cyber incidents, with threat actors actively targeting organizations across multiple sectors. Recent breaches have exposed sensitive personal data, confidential corporate information, and critical operational assets, indicating that attackers are pursuing both individual and institutional targets. The variety and scale of these compromises demonstrate that no domain is exempt from risk. These incidents highlight a broader shift toward increasingly sophisticated and opportunistic cyber activity in the region. For Oman, the challenge extends beyond individual organizations to national resilience, requiring stronger security governance, investment in advanced defences, and coordinated action to mitigate evolving threats.
The authenticity of the breaches below remains unverified at the time of reporting, as the claims originate solely from threat actors.
In June 2025, a dark web actor using the alias “ScribeOfBabylon” posted an advertisement on a cybercriminal forum offering large volumes of telecom data for sale. The post listed datasets from multiple countries, with claimed records ranging from the hundreds of thousands to hundreds of millions. Notably, Oman was explicitly mentioned with 5 million records available, suggesting that subscriber data from the country may be part of these illicit datasets. This activity poses potential risks, including identity theft, targeted phishing, and fraud across the affected regions.
Shifa Oman, a healthcare organization in Oman, has reportedly had sensitive data leak claimed by The Gentlemen ransomware group, as estimated in July 2025. On the group’s leak site, files labelled “patient_records.7z” (39.7 MB) and “patient_records.html” (59.8 MB) were published, indicating exposure of patient medical records and associated confidential information. The compromise of healthcare data poses serious risks, including privacy violations, identity theft, and potential misuse of sensitive medical details, further highlighting the continued targeting of Oman’s critical sectors by ransomware operators.
Another forum user operating under the alias “hulky” advertised a “Mix Countries Crypto Leak” in August 2025 containing around 6.3 million records, with data fields including names, emails, phone numbers, and countries; the post listed several regions, notably Oman with 4,821 records, alongside others, and sample data shared included real PII, such as full names, email addresses, and phone numbers, suggesting credibility. This activity highlights the continued targeting of individuals in the region through large-scale data leaks, which may enable cybercriminals to profile victims and link identities across multiple platforms.
Special Oilfield Services Co. LLC (SOS), an Oman-based company providing integrated oilfield products and services to the energy sector, was reportedly listed as a victim in August 2024 by the Meow ransomware group. Although the full extent of the breach is not yet verified, the group claims to have obtained confidential company data, which may include internal documents, contracts, and employee-related information. Given SOS’s role in supporting Oman’s oil and gas operations, such an incident could expose the organization to operational risks, reputational damage, and potential exploitation of sensitive business information.
A dark forum user identified as “frog” published a thread claiming to have leaked data from Oman-based Al Baraka Oilfield Services. The leak in September 2023 was shared as a compressed archive of approximately 500–680 MB and reportedly contains the full source code of the company’s systems, employee records, and corporate documents. The exposure of both operational and personnel-related information suggests a potentially significant compromise, raising risks of corporate espionage, disruption of business operations, and the targeting of employees through social engineering or credential abuse.
Ithbar, an investment and financing platform based in Oman and licensed by Oman’s Financial Services Authority, reportedly had its data published by the KillSec ransomware group in November 2024. The leak is said to include copies of national ID cards, personal details of clients and employees, confidential company files, contracts, and database backups. Such an exposure poses significant risks of identity theft, financial fraud, and misuse of sensitive corporate information, while also underscoring the growing threat to Oman’s financial services sector.
OQ (formerly Oman Oil Company), a government-owned energy investment company headquartered in Muscat and operating across 17 countries, was reportedly listed as a victim by the Termite ransomware group in November 2024. While the exact scope of the breach is unconfirmed, the group claims to have accessed and leaked confidential company data, potentially including sensitive operational or corporate files. Given OQ’s strategic role in Oman’s energy, petrochemical, and infrastructure sectors, any compromise could pose risks to both business continuity and national energy security.
The series of incidents highlights the persistent and growing cyber threat landscape facing Oman’s critical industries. From healthcare and finance to energy and oilfield services, organizations across varied sectors are being actively targeted by ransomware groups and cybercriminal forums, leading to the exposure of sensitive personal, corporate, and operational data. These breaches not only pose immediate risks such as identity theft, financial fraud, and privacy violations but also carry broader implications for national security, business continuity, and trust in essential services. The recurring focus on Oman underscores the need for strengthened cybersecurity measures, improved incident response capabilities, and cross-sector collaboration to mitigate the escalating risks. The targeting of organizations with vital roles in healthcare delivery, financial stability, and energy security indicates an elevated threat profile for the country. Strengthened cybersecurity defenses, enhanced monitoring, and coordinated incident response across industries will be critical to mitigating risks and protecting Oman’s economic and national interests from further exploitation.