Washington Post confirms data breach linked to Oracle hacks

The Washington Post has officially acknowledged that it fell prey to a hacking operation associated with vulnerabilities in Oracle's suite of corporate software applications. This revelation came to light following a report by Reuters, which cited a statement from the newspaper confirming its impact from the breach of the Oracle E-Business Suite platform. In response to inquiries, a spokesperson for the Post did not provide immediate commentary. Oracle’s representative, Michael Egbert, directed TechCrunch to two advisories previously issued by the company but did not address specific questions regarding the incident. This breach follows an alarming warning from Google last month, which disclosed that the ransomware group Clop was targeting organizations by exploiting various weaknesses in Oracle’s E-Business Suite software. This suite is critical for business operations, housing sensitive information such as human resources files and other confidential data. According to Google, the exploits enabled hackers to access and steal business data and employee records from over 100 companies. The hacking campaign reportedly began in late September, with corporate leaders noting they received extortion messages from email addresses linked to the Clop gang. These messages claimed that large volumes of sensitive internal data and personal information had been pilfered from compromised Oracle systems. Anti-ransomware firm Halcyon revealed that one executive was pressured to pay a staggering ransom of $50 million. On Thursday, the Clop group publicly asserted on its website that it had successfully breached The Washington Post, asserting that the organization had “ignored their security.” This language is a common tactic used by such cybercriminals when their demands go unfulfilled. Ransomware groups often disclose the identities of their victims and the data stolen as a form of coercion, indicating that negotiations may have either stalled or failed. The repercussions of the Oracle E-Business Suite vulnerabilities are widespread, with several other organizations, including Harvard University and the American Airlines subsidiary, Envoy, also confirming they have been affected by these attacks.