The Washington Post disclosed that hackers breached its Oracle E-Business Suite system, compromising personal data of 9,720 current and former employees and contractors. The Cl0p ransomware group exploited zero-day vulnerabilities between July 10 and August 22, stealing names, Social Security numbers, bank account details, and tax IDs.
The attackers contacted the newspaper on September 29 demanding ransom. When the Post refused to pay, hackers published over 120 GB of stolen data on their leak site. The breach affects dozens of organizations including Harvard University and American Airlines subsidiary Envoy Air. Oracle didn't release patches until months after the initial July attacks began.
Source: Security Week