SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

The media company admitted that cybercriminals attempted to extort a payment after stealing personal information. 
Washington Post Oracle hack

The Washington Post says nearly 10,000 individuals are affected by a data breach stemming from a cyberattack on its Oracle E-Business Suite (EBS) instance. 

A threat actor associated with the use of the Cl0p ransomware, presumably a cluster of a group tracked as FIN11, targeted the Oracle EBS instances of dozens of organizations through the exploitation of zero-day vulnerabilities

The attacks came to light in early October when the hackers attempted to extort victims. More than 40 organizations that refused to pay a ransom have been listed to date on the Cl0p leak website, including The Washington Post.

Roughly 180 GB of archive files allegedly storing data stolen from the newspaper have been made public through the Cl0p leak website. 

In a filing with the Maine Attorney General’s Office, The Washington Post said the attackers stole the personal information of 9,720 current and former employees and contractors. 

Compromised data includes names, bank account numbers and routing numbers, Social Security numbers, and tax ID numbers. 

Advertisement. Scroll to continue reading.

The media company said it was contacted by the threat actor on September 29. An investigation showed that the hackers accessed data between July 10 and August 22.

The disclosure confirms previous reports that exploitation of the Oracle EBS vulnerabilities may have started as early as July, months before the patches were released.

The Washington Post is among the few organizations named on the Cl0p website that have confirmed being impacted by the Oracle EBS campaign. 

Confirmed victims also include Hitachi subsidiary GlobalLogic, Harvard University, and American Airlines subsidiary Envoy Air. Other major companies have yet to confirm impact, either because their investigations are ongoing or because they are trying to maintain a low profile.

*total size of files made available by hackers updated from 120 GB to 180 GB

Related: NHS Investigating Oracle EBS Hack Claims

Related: Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack

Related: Akira Ransomware Group Made $244 Million in Ransom Proceeds

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Third-Party Risk in Practice
June 4, 2026

Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Silvio Pappalardo has joined AuthMind as Chief Revenue Officer.

iCOUNTER has appointed Lisa Hayashi as CMO and Bob Kalchthaler as CFO.

Thomas Bain has been appointed Chief Marketing Officer at Silent Push.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.