HomeNewsBreachesAbout
Account
the-washington-post-2025

The Washington Post Breach

Jul 10, 2025

9,140 rows

Added on Jan 2, 2026

Search the Leak

Email
Full Name

What happened in the The Washington Post Breach?

DataBreach.com Team · January 1st 2026, 7:00 pm EST

In late 2025, The Washington Post confirmed it had fallen victim to a cyberattack targeting its internal business systems, specifically the Oracle E-Business Suite used for human resources and financial operations. The breach, which occurred between July 10 and August 22, 2025, was orchestrated by the Clop (Cl0p) ransomware group, who exploited a zero-day vulnerability in the software. The incident compromised the sensitive personal information of nearly ~10,000 current and former employees and contractors. The publication was first alerted to the intrusion on September 29 when the threat actors contacted them directly, leading to a formal investigation and subsequent notification of victims in November 2025. In response, The Post offered affected individuals complimentary identity protection services, though the company now faces class-action litigation over its handling of the security lapse.

For media inquiries, contact us at contact@databreach.com