Extra, extra, read all about it: Washington Post clobbered in Clop caper

Summary

The Washington Post has confirmed that nearly 10,000 current and former staff and contractors had personal data stolen after attackers exploited a previously unknown Oracle E-Business Suite vulnerability linked to the Clop gang.

The intruders accessed the Post’s Oracle EBS between 10 July and 22 August. The organisation was contacted on 29 September, and an internal probe confirmed the breach on 27 October. Stolen records reportedly include names, bank account and routing numbers, Social Security numbers and tax IDs. A filing to Maine’s attorney general on 12 November disclosed the incident and offered affected individuals identity-protection services.

Key Points

  • Nearly 10,000 Washington Post employees and contractors were notified of data theft following an Oracle EBS intrusion.
  • Compromised data reportedly includes names, bank account and routing numbers, Social Security numbers and tax ID numbers.
  • Access occurred between 10 July and 22 August; the Post learned of the claim on 29 September and confirmed it on 27 October.
  • The breach is tied to a previously unknown Oracle E-Business Suite vulnerability exploited at scale and associated with the Clop ransomware group.
  • The Post says it applied Oracle’s emergency patches as soon as they were available and has offered identity-protection services to those affected.
  • This disclosure adds the Post to a growing list of high-profile victims — others include GlobalLogic, Allianz UK and Envoy — highlighting a widespread EBS campaign.

Content Summary

The Register reports that a ‘bad actor’ contacted the Washington Post claiming access to its Oracle EBS environment. Subsequent investigation confirmed the claims and connected the activity to the EBS zero-day that has been weaponised across numerous organisations.

Oracle released emergency fixes in late October, but has been relatively quiet on the scale of customer impact. The Post’s notification emphasises that the vulnerability was unknown before the incident and affected many Oracle customers, not just the newspaper. With other organisations auditing their Oracle logs, more breach notices are likely.

Context and Relevance

This incident is part of a broader, high-profile wave of mass exploitation of Oracle E-Business Suite instances attributed to Clop. For anyone running ERP systems, payroll, HR databases or other critical back-office applications, it underlines how enterprise-grade software can present attractive targets and how unpatched vulnerabilities can be exploited at scale.

The stolen identifiers (SSNs, tax IDs, bank details) pose a lasting risk of identity theft and financial fraud for affected individuals, and the reputational and regulatory fallout for organisations can be severe. The story also highlights the importance of rapid patching, forensic log review and offering remediation support to impacted people.

Author style

Punchy: This is a serious, high-impact breach — big name victim, lots of sensitive payroll data exposed, and part of a widespread, organised campaign. If you care about enterprise security or protect people’s personal data, read the details and treat this as an urgent reminder about patching and visibility.

Why should I read this?

Short version: if you manage Oracle EBS, payroll, HR or any ERP stuff — this is a wake-up call. The piece rounds up what happened, what was taken, and why the flaw matters. We’ve done the legwork so you can see the risk quickly and decide if you need to hunt your logs or press for patches.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/11/13/washington_post_clop/