The Washington Post notifies 10,000 people affected by Oracle-related data theft

The Washington Post notifies 10,000 people affected by Oracle-related data theft

Pierluigi Paganini
November 14, 2025

The Washington Post is alerting nearly 10,000 employees and contractors that personal and financial information was exposed in the Oracle security breach.

The Washington Post is warning nearly 10,000 employees and contractors that personal and financial information was exposed in the Oracle security breach. The popular newspaper has about 2.5 million digital subscribers.

Between July 10 and August 22, threat actors exploited what was then known as a zero-day vulnerability in Oracle E-Business Suite, which was tracked as CVE-2025-61884to access parts of the Washington Post network and steal sensitive data. At the end of September, the Clop ransomware group attempted blackmail.

On September 29, 2025, The Washington Post was alerted to a threat actor gaining access to its Oracle E-Business Suite. An expert-backed investigation confirmed a widespread, previously unknown Oracle…