The Washington Post confirmed hackers stole personal data from nearly 10,000 current and former employees and contractors through a breach of its Oracle system. The Clop ransomware group exploited a zero-day vulnerability in Oracle E-Business Suite between July 10 and August 22, accessing names, Social Security numbers, and bank account details.
Clop contacted the newspaper on September 29 demanding ransom, with some victims facing demands up to $50 million. The Washington Post joins dozens of Oracle customers targeted in this campaign, including Envoy Air and GlobalLogic. Oracle patched the vulnerability in October, but Clop has threatened to leak stolen data from nearly 30 organizations unless paid.
Source: CyberScoop