The Washington Post has confirmed that information from 9,720 current and former employees and contractors was compromised as part of the widespread Oracle E-Business Suite zero-day attacks conducted by the Clop ransomware operation, according to CyberScoop.Infiltration of its Oracle EBS environment from July 10 to Aug. 22 allowed the theft of individuals' names, Social Security numbers, bank account numbers, and routing numbers, said the Washington Post in a breach notice filed with the Office of the Maine Attorney General. Nearly 30 organizations, including GlobalLogic and Envoy Air, were already claimed to have been breached in the attack campaign, which Oracle only discovered after Clop had provided its customers with extortion emails.Oracle addressed the vulnerability earlier last month. Multiple file-transfer services have already been targeted by the Clop ransomware gang in the past, with over 2,300 organizations having been compromised in the sweeping exploitation of vulnerable MOVEit environments two years ago.
Breach, Data Security, Vulnerability Management
Washington Post breach impacts nearly 10K
(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds