
The Washington Post Breach
Jul 10, 2025
9,140 rows
What happened in the The Washington Post Breach?
DataBreach.com Team · January 1st 2026, 7:00 pm EST
In late 2025, The Washington Post confirmed it had fallen victim to a cyberattack targeting its internal business systems, specifically the Oracle E-Business Suite used for human resources and financial operations. The breach, which occurred between July 10 and August 22, 2025, was orchestrated by the Clop (Cl0p) ransomware group, who exploited a zero-day vulnerability in the software. The incident compromised the sensitive personal information of nearly ~10,000 current and former employees and contractors. The publication was first alerted to the intrusion on September 29 when the threat actors contacted them directly, leading to a formal investigation and subsequent notification of victims in November 2025. In response, The Post offered affected individuals complimentary identity protection services, though the company now faces class-action litigation over its handling of the security lapse.










