The Washington Post confirmed that it was one of the organizations affected by a widespread hacking campaign linked to Oracle’s corporate software applications. The breach, first reported by Reuters on Friday, involved the Oracle E-Business Suite, which many companies use to manage sensitive business and employee data.
A spokesperson for the Post has not yet provided a detailed comment, and Oracle referred inquiries to previously posted advisories, declining to answer further questions. The incident follows reports from Google last month that identified the ransomware gang Clop exploiting multiple vulnerabilities in Oracle E-Business Suite software.
The Clop gang reportedly targeted companies using the platform to access human resources files, financial records, and other confidential corporate data. Google noted that more than 100 companies had sensitive data stolen in the campaign. Hackers began sending extortion messages to executives in late September, claiming to have obtained large amounts of internal business data and employees’ personal information.
Extortion and Ransom Demands
Anti-ransomware firm Halcyon confirmed that the Clop gang demanded $50 million from at least one executive at an affected company. Clop uses such public threats to pressure organizations into paying ransom. On Thursday, the gang claimed on its website that it had hacked The Washington Post, stating that the company had “ignored their security,” a common tactic indicating no ransom payment has been made.
This approach of publicly naming victims and sharing stolen data is typical of ransomware operations and is intended to force negotiations or expose companies that refuse to comply.
Also Read: Oracle and OpenAI Seal $300B Deal to Power Project Stargate
Widening Impact Across Industries
The Oracle E-Business Suite attacks have affected numerous high-profile organizations, including Harvard University and Envoy, an American Airlines subsidiary. These incidents highlight the growing risks companies face when sophisticated cybercriminal groups target critical enterprise software.
The Washington Post breach serves as a stark reminder of the vulnerabilities in widely used business systems and the ongoing challenges organizations face in safeguarding sensitive corporate and employee data from ransomware and extortion campaigns.
Industry experts emphasize that these attacks underline the importance of timely software updates, rigorous security protocols, and proactive monitoring to detect and mitigate threats before they escalate into large-scale breaches.
