Share this article:

Data breach | Payroll data for nearly 10,000 Washington Post employees stolen in cyber attack

The Washington Post logo black

Nearly 10,000 employees and contractors had their personal data stolen during a recent cyber attack, the Washington Post has confirmed.

The media giant filed a report with Maine’s attorney general on November 12, stating that a “bad actor” had breached the company’s enterprise systems earlier this year.

According to the filing, the stolen data includes details of current and former employees’ names, bank accounts, and Social Security numbers.

Washington Post latest to have staff data targeted

The breach is part of a series of reported attacks for which the Clop ransomware gang has taken credit.

The threat actor exploited a vulnerability in the Oracle EBS (Enterprise Business Services) environment at multiple organizations, taking credit for similar breaches at companies including GlobalLogic and Allianz UK.

Clop, also known as Cl0p, contacted the Post on September 29, claiming to have breached its systems and stolen personal payroll data.

An internal investigation completed on October 27 found that attackers had indeed accessed and stolen data between July 10 and August 22, the filing said.

Nearly 10,000 employees and contractors were impacted by the attacks.

The Post informed Maine’s attorney general that it has notified those individuals, offering identity protection services to any whose Social Security numbers or Tax IDs were exfiltrated.

It stressed that it moved quickly to lock down company systems once it had identified the intrusion.

The vulnerability was “unknown prior to this incident, has impacted many Oracle customers, and is not specific to the Post,” the letter said, adding that the company “regrets any worry or inconvenience.”

The post maintained that safeguarding employees’ data is a “top priority.”

Rising threat of personal & payroll data attacks

Recent years have seen HR and payroll systems become an increasingly popular target for cybercriminals, due to the scale and nature of the personal data they store.

According to a 2025 report from Lab 1 – which reviewed over 141 million individual file records from 1,297 ransomware and data breach incidents – HR data appeared in 81.7% of cases.

This makes it one of the most frequently compromised data types, behind finance at 93%.

While the sensitive information contained within payroll records is a common target, even files such as resumes pose a risk once stolen, assisting threat actors with the creation of sophisticated phishing or deep-fake scams.

Robin Brattel, CEO of Lab 1, has urged CHROs and HR leaders to work in partnership with other executives, including CIOs, CSOs, and CEOs, to proactively take steps that reduce vulnerability.

Be the first to comment.

Sign up for a FREE myGrapevine account to have your say.

Share this article:

You are currently previewing this article.Create account

This is the last preview available to you for the next 30 days.

To receive our daily newsletter and access HR features & insights, create a free account today.