The Washington Post employee and contractor data leak
Data Leak
Summary
Hide ▲
Show ▼
The Washington Post is notifying nearly 10,000 employees and contractors after personal and financial data was exposed, creating identity-theft and fraud risk. Attackers accessed parts of the internal network between July 10 and August 22, 2025 by exploiting a then-zero-day flaw in Oracle E-Business Suite. The compromised records included full names, bank account numbers and routing numbers, Social Security numbers, and tax and ID numbers. The vulnerability is now tracked as CVE-2025-61884 and has been linked to Clop, showing the leak was part of a broader Oracle-driven intrusion wave.
Related Happenings
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
Vulnerability
H score52
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
VulnerabilityAbout this happening: **Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch Release
H score53
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch ReleaseAbout this happening: **Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
ShinyHunters Oracle PeopleSoft data theft from 300 instances
Data Leak
H score46
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...
ShinyHunters Oracle PeopleSoft data theft from 300 instances
Data LeakAbout this happening: The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
**Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityAbout this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Latest development: 29.06.2026 23:40
Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
Timeline
-
13.11.2025 18:00 1 articles · 7mo ago
Bad actor claims access to The Washington Post Oracle applications
Initial DisclosureA bad actor contacted The Washington Post and claimed to have gained access to its Oracle E-Business Suite applications, prompting the organization to launch a thorough investigation with outside experts into whether its Oracle application environment had been accessed without authorization.
Show sources
- Washington Post data breach impacts nearly 10K employees, contractors — www.bleepingcomputer.com — 13.11.2025 18:00
-
13.11.2025 18:00 1 articles · 7mo ago
Investigation concludes with data exposure findings
Technical Analysis UpdateThe Washington Post's investigation concluded that data belonging to 9,720 employees and contractors had been compromised, including full names, bank account numbers and routing numbers, Social Security numbers, and tax and ID numbers.
Show sources
- Washington Post data breach impacts nearly 10K employees, contractors — www.bleepingcomputer.com — 13.11.2025 18:00
-
13.11.2025 18:00 1 articles · 7mo ago
Impacted employees and contractors receive exposure notice and identity protection
Victim Impact UpdateThe Washington Post notified nearly 10,000 employees and contractors that personal and financial data had been exposed in the Oracle data theft attack and offered 12 months of free identity protection through IDX, along with guidance to consider a security freeze and fraud alerts.
Show sources
- Washington Post data breach impacts nearly 10K employees, contractors — www.bleepingcomputer.com — 13.11.2025 18:00
-
13.11.2025 18:00 1 articles · 7mo ago
Clop linked to The Washington Post Oracle breach
Attribution UpdateThe Clop ransomware group has been linked to the Oracle E-Business Suite intrusion affecting The Washington Post, and the zero-day exploited in the campaign is now tracked as CVE-2025-61884.
Show sources
- Washington Post data breach impacts nearly 10K employees, contractors — www.bleepingcomputer.com — 13.11.2025 18:00