Comment by londons_explore

My guess is that admitting a security incident triggers lots of contractual clauses.

They have probably decided it's cheaper to simply deny the event (therefore not triggering those clauses).

If it gets to court, Oracle will find some expert who says there was no incident, and the other side will present clear evidence there was an incident, but the non-technical judge will probably still not be sure.