News

Washington Post confirms data breach tied to Oracle E-Business attacks

The Washington Post has confirmed it was caught up in a broader hacking campaign that exploited vulnerabilities in Oracle’s E-Business Suite, a platform used by large organisations for finance, HR and other core operations.

The disclosure follows reports that the Clop ransomware group has been targeting companies through flaws in Oracle software. Google previously said the exploits enabled theft of customer data and employee records from more than 100 organisations. According to affected firms, the campaign began in late September, when executives received extortion emails from addresses linked to Clop, claiming large volumes of internal business data and personal information had been stolen.

Oracle has issued two security advisories and pointed questions to those notices. The Washington Post acknowledged impact from the Oracle platform breach. The publisher did not provide additional detail on the scope of data accessed or the systems affected.

On Thursday, Clop listed the Washington Post on its leak site and accused the company of ignoring security, language the group often uses when a victim does not pay. Anti ransomware firm Halcyon has said at least one executive at an impacted company faced a 50 million dollar demand.

Other organisations have confirmed exposure through the Oracle E-Business vector, including Harvard University and Envoy, an American Airlines subsidiary.

The Washington Post said it is investigating, enhancing monitoring, and coordinating with Oracle and external experts. Impacted individuals and partners may be notified as required once the assessment is complete.

Photo Credit: DepositPhotos.com

Leave a Reply

Your email address will not be published. Required fields are marked *