Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

The Washington Post says nearly 10,000 individuals are affected by a data breach stemming from a cyberattack on its Oracle E-Business Suite (EBS) instance.

A threat actor associated with the use of the Cl0p ransomware, presumably a cluster of a group tracked as FIN11, targeted the Oracle EBS instances of dozens of organizations through the exploitation of zero-day vulnerabilities.

The attacks came to light in early October when the hackers attempted to extort victims. More than 40 organizations that refused to pay a ransom have been listed to date on the Cl0p leak website, including The Washington Post.

Over 120 GB of archive files allegedly storing data stolen from the newspaper have been made public through the Cl0p leak website.

In a filing with the Maine Attorney General’s Office, The Washington Post said the attackers stole the personal information of 9,720 current and former employees and contractors.

Compromised data includes names, bank account numbers and routing numbers, Social Security numbers, and tax ID numbers.

The media company said it was contacted by the threat actor on September 29. An investigation showed that the hackers accessed data between July 10 and August 22.

The disclosure confirms previous reports that exploitation of the Oracle EBS vulnerabilities may have started as early as July, months before the patches were released.

The Washington Post is among the few organizations named on the Cl0p website that have confirmed being impacted by the Oracle EBS campaign.

Confirmed victims also include Hitachi subsidiary GlobalLogic, Harvard University, and American Airlines subsidiary Envoy Air. Other major companies have yet to confirm impact, either because their investigations are ongoing or because they are trying to maintain a low profile.

This article was published by Security Week. Please check their website for the original content.