.png)
Washington Post Data Breach Affects 9,720 Individuals
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
The Washington Post, a leading American news organization, experienced a data breach that exposed sensitive information of current and former employees and contractors. The cybersecurity incident affected a total of 9,720 individuals across the United States.
The incident stemmed from a previously unknown vulnerability in Oracle’s E-Business Suite software, which was exploited by the ransomware group CL0P. The cyberattack occurred between July 10, 2025, and Aug. 22, 2025, when threat actors accessed and acquired data from The Washington Post’s Oracle E-Business Suite applications. The breach was first brought to the company’s attention on Sept. 29, 2025, when a bad actor contacted The Washington Post claiming to have gained access to their systems.
Further investigation involving forensic experts, confirmed the exploit and determined that the vulnerability was widespread, impacting many Oracle clients. On Oct. 27, 2025, The Washington Post confirmed that personal information belonging to its employees had been compromised.
Exposed information included names, Social Security numbers, tax ID numbers, bank account numbers, and routing numbers. The new organization began notifying affected individuals by mail on Nov. 12, 2025. The data breach was also disclosed to the Maine, Massachusetts, and the Vermont Attorney Generals' offices beginning on Nov 12, 2025.
The Washington Post's response
In response to the breach, The Washington Post engaged forensic experts and took steps to secure their systems. They applied patches to address the Oracle E-Business Suite vulnerability as soon as Oracle released them. In addition to required state disclosures, the company is offering 24 free months of IDX identity protection services to employees and contractors whose Social Security numbers or tax ID numbers were exposed.
If you receive a notice from The Washington Post about this data breach, you may want to:
- Sign up for the free IDX identity theft protection services, offered by the company.
- Monitor your credit reports and financial accounts for any unusual activity.
- Be alert for phishing emails or phone calls that may use your exposed information.
- Consider placing a fraud alert or credit freeze with major credit bureaus.
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)