
Attackers were able to access data owned by the Jeff Bezos-owned newspaper for over a month. During that time, the perpetrators accessed personal and sensitive information, including bank account numbers.
One of the US’s largest newspapers started reaching out to potential victims this week. In early November, The Washington Post confirmed it became the latest victim of the Cl0p ransomware gang’s Oracle E-Business Suite attack spree.
According to information the media outlet submitted to the Maine Attorney General’s Office, nearly 10,000 individuals may have had their details exposed in the attack.
“On September 29th, 2025, the Post was contacted by a bad actor who claimed to have gained access to its Oracle E-Business Suite applications,” read the breach notice letter from the company.
While the letter doesn’t explicitly mention which attacker group it was, the perpetrators were the infamous Cl0p ransomware cartel. In early November, the gang posted The Washington Post on its dark web blog, which it uses to showcase the cartel’s latest victims.
“During the investigation, Oracle announced that it had identified a previously unknown and widespread vulnerability in its E-Business Suite software that permitted unauthorized actors to access many Oracle customers’ E-Business Suite applications,” the breach notice said.
According to the breach notice, attackers had access to the compromised service from early July to late August. While The Washington Post claims that the exposed details vary by individual, attackers may have gotten their hands on:
- Names
- Bank account numbers
- Associated routing numbers
- Social Security numbers
- Tax ID numbers
At least in theory, attackers could utilize the stolen details for identity theft by attempting to set up fraudulent accounts or submit fraudulent tax returns. Additionally, malicious actors could use the details for sophisticated phishing and social engineering campaigns.
EBS zero-day bug
Earlier this year, Cl0p successfully exploited a critical zero-day in the Oracle E-Business Suite (EBS) software. Many organizations only discovered they had been breached in August, some after receiving a ransom note from the gang via email.
The initial Cl0p exploit, first reported by Oracle on October 2nd, had been tracked by Google researchers as far back as July. Moreover, Oracle's first emergency patch, released just days after the initial announcement, had failed, prompting a second critical patch on October 11th and leaving clients vulnerable for days.
Big-name victims of the widespread Oracle hacking campaign, some of whose data has already been published on the Cl0p site, have included Harvard University, American Airlines' largest regional carrier Envoy Air, and Chicago Public Schools, the fourth-largest district in the US.
Cl0p's past campaigns – exploiting the MOVEit, Fortra GoAnywhere, and Cleo file transfer programs – have compromised thousands of major organizations over the years, often taunting its victims and raking in hundreds of millions of dollars.
The MOVEit exploit, which occurred in 2023, was one of the most extensive hacking campaigns, affecting thousands of organizations and nearly 90 million individuals, with an estimated impact in the billions of dollars.