The Washington Post confirms data breach linked to Oracle hacks

The Washington Post said it was one of the victims of a hacking campaign linked to Oracle’s suite of enterprise software applications.

Reuters first reported the news on Friday, citing a statement from the newspaper that said it had been affected by a “hack of the Oracle E-Business Suite platform.”

A spokesperson for The Post did not immediately respond to TechCrunch’s request for comment.

When contacted via email, Oracle spokesperson Michael Egbert referred TechCrunch to its two previously published alerts, and did not answer our questions.

Last month, Google said the Clop ransomware gang was targeting companies after exploiting multiple vulnerabilities in Oracle’s E-Business Suite software, which companies use for their business operations, storing their HR files, and other sensitive data.

These vulnerabilities allowed hackers to steal their customers’ business data and employee records from more than 100 companies, according to Google.

The hackers’ campaign began in late September when company executives reported receiving blackmail messages sent from email addresses previously associated with the Klopp gang, claiming that the hackers had stolen large amounts of sensitive internal business data and employees’ personal information from compromised Oracle systems.

Anti-ransomware firm Halcyon told TechCrunch at the time that the hackers demanded a $50 million ransom payment from an executive at one of the affected companies.

On Thursday, Klopp claimed on its website that it had hacked The Washington Post, alleging that the company “ignored its security,” the language the Klopp gang typically uses when a victim does not pay hackers.

It is not uncommon for ransomware or extortion gangs like Clop to publish their victims’ names and stolen files as leverage, which may suggest that the victim did not negotiate payment with the gang, or that negotiations collapsed.

Several other organizations have confirmed that they were affected by the Oracle E-Business hacks, including Harvard University and American Airlines subsidiary Envoy.