The Washington Post confirms it suffered an Oracle-linked data breach

News
By published

The Post joins a list including Harvard University, Schneider Electric, and others

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)
  • Cl0p ransomware gang leaked Post data after alleged refusal to pay ransom
  • Oracle E-Business Suite zero-day exploited to breach over 100 companies, including The Washington Post
  • Other victims include Harvard, Schneider Electric; law enforcement warns against ransom payments

We can now add The Washington Post to the growing list of companies hacked via the apparent security issues with some Oracle business software.

In early October 2025, news broke that hackers were mailing executives at various organizations across the United States, warning them that they stole their sensitive files through Oracle E-Business Suite systems, and demanding a ransom payment in exchange for deleting the stolen files.

Subsequent investigations determined Oracle’s software carried a remote code execution (RCE) zero-day in versions 12.2.3-12.2.14. It was later also reported that the attacks were happening months before Oracle released a patch, and that “dozens” of companies were hit. Those “dozens” grew to “more than a hundred”. Two hacking collectives are being linked to this campaign - financially-motivated FIN11, and the infamous Cl0p ransomware gang.

No evidence of abuse

The Post has now issued a statement confirming it, too, fell prey to the attack.

At the same time, Cl0p added The Washington Post to its data leak site, stating that the company “ignored their security” which, according to TechCrunch, means it decided not to pay the ransom demand. We don’t know how much money Cl0p asked from the Post, but earlier reports claimed that one victim was asked for $50 million.

News of Oracle-related hacks have been coming in for some time, with multiple other high-profile companies were confirmed to have been hit, including Harvard University, Schneider Electric, Pan American Steel, and Cox Enterprises.

The full list of victims is not publicly available, and probably never will be. There is a good chance that some of the victims will pay the ransom demand and never be listed on Cl0p’s data leak site.

Law enforcement usually advises against paying the ransom demand, saying that it motivates the threat actors to mount even more attacks, and gives them the funds needed to continue operating.

Via TechCrunch

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.