Ethical Hacking News
The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in a Clop-linked Oracle E-Business Suite (EBS) attack. This brazen breach highlights the devastating impact of such attacks on businesses and individuals alike.
Nearly 10,000 employees and contractors had sensitive personal data stolen in an Oracle E-Business Suite (EBS) attack. The Clop ransomware gang claimed responsibility for the attacks, which accessed and exfiltrated data between July 10 and August 22. More than 10,000 GlobalLogic staff had data stolen via the same exploit, and Allianz UK also confirmed it was caught up in the spree. The breach highlights the devastating impact that such attacks can have on businesses and individuals alike. Oracle has not disclosed how many customers were affected by the vulnerability, which was used at scale for months against organizations worldwide. The incident emphasizes the importance of prioritizing cybersecurity and taking proactive measures to protect sensitive data.
In a shocking revelation that has sent shockwaves throughout the cybersecurity community, The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks. This brazen breach, which was carried out using an unknown vulnerability in the Oracle EBS environment, is being investigated by the newspaper's internal team, with findings recently submitted to Maine's attorney general.
The Clop ransomware gang has claimed responsibility for those attacks, posting dozens of alleged victims on its dark web leak site. According to The Post's notice, attackers accessed and exfiltrated data between July 10 and August 22, which included names, bank account and routing numbers, Social Security numbers, and tax ID numbers belonging to current and former staff and contractors.
This alarming breach has added another high-profile name to the growing list of victims of the EBS-targeting campaign that has dominated enterprise security headlines in recent weeks. Hitachi-owned GlobalLogic disclosed this week that more than 10,000 of its own staff had data stolen via the same exploit, and Allianz UK also confirmed it was caught up in the spree.
Clop, known for its mass-exploitation tactics, has already named dozens of organizations on its leak site following the Oracle EBS campaign, spanning sectors from healthcare and consumer electronics to finance, manufacturing, education, and media. The sheer scale of this breach highlights the devastating impact that such attacks can have on businesses and individuals alike.
Oracle has said little publicly about the wave of mass exploitation that followed the discovery of the EBS flaw. Big Red confirmed the vulnerability in late October when it released emergency fixes, but it has not disclosed how many customers were affected, nor has it addressed researchers' claims that the bug was used at scale for months against organizations worldwide.
This breach is a stark reminder of the importance of prioritizing cybersecurity and taking proactive measures to protect sensitive data. The incident also underscores the need for vigilance and swift action in responding to such attacks, as seen by The Washington Post's internal investigation team, which quickly identified the breach and worked to contain it.
The implications of this breach extend beyond individual organizations to pose significant concerns about the broader cybersecurity landscape. As researchers have noted, the bug was used at scale for months against organizations worldwide, suggesting a high level of sophistication and organization behind the attack. The fact that Clop has claimed responsibility for the attacks only adds to the gravity of the situation.
The breach also highlights the importance of data protection and incident response. With more than 10,000 people affected by this breach, it is clear that swift action was needed to mitigate the impact on those whose sensitive information was compromised. The fact that The Washington Post has offered complimentary identity-protection services to those affected demonstrates a commitment to protecting its staff and contractors.
Furthermore, this breach raises important questions about the role of cybersecurity in modern organizations. As more data becomes digitized and stored online, the risk of breaches like this one increases exponentially. It is imperative that businesses prioritize cybersecurity measures and invest in robust security protocols to protect sensitive data.
In conclusion, the Oracle EBS breach represents a major wake-up call for organizations and individuals alike. The sheer scale of this breach highlights the devastating impact that such attacks can have on businesses and individuals alike. It serves as a stark reminder of the importance of prioritizing cybersecurity and taking proactive measures to protect sensitive data. As researchers and cybersecurity experts continue to investigate this incident, it is clear that swift action will be needed to mitigate the impact of similar breaches in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Oracle-EBS-Breach-A-Global-Cybersecurity-Crisis-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/11/13/washington_post_clop/
Published: Thu Nov 13 07:53:19 2025 by llama3.2 3B Q4_K_M
