Extra, extra, read all about it - Washington Post clobbered in Clop caper
The Washington Post has confirmed a data breach affecting nearly 10,000 employees and contractors, stemming from the Clop ransomware gang’s exploitation of an Oracle E-Business Suite (EBS) vulnerability. The breach involved the theft of sensitive personal information, including names, bank account details, Social Security numbers, and tax ID numbers.
The newspaper was alerted to the breach on September 29 by a threat actor claiming unauthorized access to its Oracle EBS environment. An internal investigation verified the claim and linked the intrusion to a previously unknown Oracle EBS vulnerability that has been exploited across multiple organizations. Attackers accessed and exfiltrated data between July 10 and August 22. On October 27, the Post determined the extent of the data compromised.
The impact of the breach is significant, exposing current and former staff and contractors to potential identity theft and financial fraud. Affected individuals whose Social Security numbers or tax IDs were compromised have been offered complimentary identity-protection services. The Washington Post joins a growing list of victims, including Allianz UK and Hitachi-owned GlobalLogic, that have suffered similar data breaches due to the Clop ransomware gang’s campaign targeting Oracle EBS vulnerabilities.
The exploited vulnerability was previously unknown and affected numerous Oracle customers; it was not specific to the Post. Oracle released emergency fixes in late October, acknowledging the vulnerability but not disclosing the full extent of the impact on its customers. Researchers have warned that the bug was used at scale for months against organizations worldwide. Clop has already named dozens of organizations on its leak site following the Oracle EBS campaign, spanning sectors from healthcare and consumer electronics to finance, manufacturing, education, and media.
The Washington Post has stated that it acted quickly to secure its environment upon detecting the intrusion and applied Oracle’s patches as soon as they became available. The newspaper also stressed that safeguarding staff data remains a top priority. Given the widespread exploitation of the Oracle EBS vulnerability, other organizations are likely reviewing their Oracle logs for signs of compromise, and further disclosures are expected.