Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

The Washington Post says nearly 10,000 individuals are affected by a data breach stemming from a cyberattack on its Oracle E-Business Suite (EBS) instance. 

A threat actor associated with the use of the Cl0p ransomware, presumably a cluster of a group tracked as FIN11, targeted the Oracle EBS instances of dozens of organizations through the exploitation of zero-day vulnerabilities.

The attacks came to light in early October when the hackers attempted to extort victims. More than 40 organizations that refused to pay a ransom have been listed to date on the Cl0p leak website, including The Washington Post.

Over 120 GB of archive files allegedly storing data stolen from the newspaper have been made public through the Cl0p leak website.

In a filing with the Maine Attorney General’s Office, The Washington Post said the attackers stole the personal information of 9,720 current and former employees and contractors ...