Washington Post data breach impacts nearly 10K employees contractors
pCrowdStrike catches insider feeding information to hackersppNvidia confirms October Windows updates cause gaming issuesppFCC rolls back cybersecurity rules for telcos despite statehacking risksppCISA warns Oracle Identity Manager RCE flaw is being actively exploitedppGoogle enables PixeltoiPhone file sharing via Quick Share AirDropppEnterprise password security and secrets management with Passwork 7ppIberia discloses customer data leak after vendor security breachppNew Costco Gold Star Members also get a 40 Digital Costco Shop CardppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppThe Washington Post is notifying nearly 10000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attackppThe news organization is one of the largest daily newspapers in the US with approximately 25 million digital subscribersppBetween July 10 and August 22 threat actors accessed parts of its network They leveraged a vulnerability in Oracle EBusiness Suite software that was a zeroday at the time to steal sensitive datappIn late September the hackers tried to extort the Washington Post along with other major companies they had breached the same wayppThe hackers leveraged a thenzeroday vulnerability in Oracle EBusiness Suite software that the Washington Post used internally stole data and then attempted to extort the firm in late SeptemberppOracle EBusiness Suite is a widely used enterprise resource planning ERP platform with HR finance and supply chain functions that large organizations use internallyppAccording to the Washington Posts notification to impacted individuals Oracle disclosed the security vulnerability while the news organization was investigating the breach incidentppOn September 29 2025 the Post was contacted by a bad actor who claimed to have gained access to its Oracle EBusiness Suite applications describes the letter
In response the Post launched a thorough investigation of its Oracle application environment with the assistance of experts to determine if the environment had been accessed without authorizationppDuring the investigation Oracle announced that it had identified a previously unknown and widespread vulnerability in its EBusiness Suite software that permitted unauthorized actors to access many Oracle customers EBusiness Suite applicationsppAlthough the attackers arent named in the letter the Clop ransomware group has been linked to these attacks exploiting a zeroday flaw that is now tracked as CVE202561884ppAmong the organizations that were breached using the same vulnerability in Oracle EBusiness Suite are Harvard University American Airlines subsidiary Envoy Air and Hitachis GlobalLogicppThese are some of the victims who have confirmed a breach or are investigating suspicious activity in their environments However Clops data leak site lists a larger number of breached organizationsppThe Posts investigation into the incident concluded on October 27 and revealed that the following types of data belonging to 9720 employees and contractors had been compromisedppImpacted individuals received a 12month freeofcharge identity protection service coverage through IDX and are recommended to consider placing a security freeze on their credit file and setting up fraud alerts on their reportppIn June the Washington Post announced that the email accounts of several of its journalists had been compromised in a cyberattack conducted by foreign state actorsppWhile the two incidents occurred shortly after one another there is evidence of a connection between themppBleepingComputer has contacted The Washington Post with additional questions and we will update this post when we receive a replyppAs MCP Model Context Protocol becomes the standard for connecting LLMs to tools and data security teams are moving fast to keep these new services safeppThis free cheat sheet outlines 7 best practices you can start using todayppHarvard investigating breach linked to Oracle zeroday exploitppLogitech confirms data breach after Clop extortion attackppGlobalLogic warns 10000 employees of data theft after Oracle breachppAmerican Airlines subsidiary Envoy confirms Oracle data theft attackppClop extortion emails claim theft of Oracle EBusiness Suite datappNot a member yet Register NowppCrowdStrike catches insider feeding information to hackersppWhatsApp API flaw let researchers scrape 35 billion accountsppMicrosoft Outofband update fixes Windows 11 hotpatch install loopppGet The CISOs Guide to Stopping Ransomware with PhishingResistant MFAppWhy your DevOps stack data might be more vulnerable than you think and how to address itppReview of Passwork Affordable EnterpriseGrade Password ManagerppWorried about finance scams Get Avast Free Antivirus with intelligent online scam detectionppCMMC Made Simple Get auditready with Huntressfaster easier and more affordableppEmpowering IT teams with intelligencedriven cyber threat researchppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp
In response the Post launched a thorough investigation of its Oracle application environment with the assistance of experts to determine if the environment had been accessed without authorizationppDuring the investigation Oracle announced that it had identified a previously unknown and widespread vulnerability in its EBusiness Suite software that permitted unauthorized actors to access many Oracle customers EBusiness Suite applicationsppAlthough the attackers arent named in the letter the Clop ransomware group has been linked to these attacks exploiting a zeroday flaw that is now tracked as CVE202561884ppAmong the organizations that were breached using the same vulnerability in Oracle EBusiness Suite are Harvard University American Airlines subsidiary Envoy Air and Hitachis GlobalLogicppThese are some of the victims who have confirmed a breach or are investigating suspicious activity in their environments However Clops data leak site lists a larger number of breached organizationsppThe Posts investigation into the incident concluded on October 27 and revealed that the following types of data belonging to 9720 employees and contractors had been compromisedppImpacted individuals received a 12month freeofcharge identity protection service coverage through IDX and are recommended to consider placing a security freeze on their credit file and setting up fraud alerts on their reportppIn June the Washington Post announced that the email accounts of several of its journalists had been compromised in a cyberattack conducted by foreign state actorsppWhile the two incidents occurred shortly after one another there is evidence of a connection between themppBleepingComputer has contacted The Washington Post with additional questions and we will update this post when we receive a replyppAs MCP Model Context Protocol becomes the standard for connecting LLMs to tools and data security teams are moving fast to keep these new services safeppThis free cheat sheet outlines 7 best practices you can start using todayppHarvard investigating breach linked to Oracle zeroday exploitppLogitech confirms data breach after Clop extortion attackppGlobalLogic warns 10000 employees of data theft after Oracle breachppAmerican Airlines subsidiary Envoy confirms Oracle data theft attackppClop extortion emails claim theft of Oracle EBusiness Suite datappNot a member yet Register NowppCrowdStrike catches insider feeding information to hackersppWhatsApp API flaw let researchers scrape 35 billion accountsppMicrosoft Outofband update fixes Windows 11 hotpatch install loopppGet The CISOs Guide to Stopping Ransomware with PhishingResistant MFAppWhy your DevOps stack data might be more vulnerable than you think and how to address itppReview of Passwork Affordable EnterpriseGrade Password ManagerppWorried about finance scams Get Avast Free Antivirus with intelligent online scam detectionppCMMC Made Simple Get auditready with Huntressfaster easier and more affordableppEmpowering IT teams with intelligencedriven cyber threat researchppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2025 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp
