The Washington Post disclosed in November 2025 that a breach of its Oracle E-Business Suite ERP system had exposed sensitive personal and financial data for approximately 10,000 current and former employees and contractors. The exploitation involved CVE-2025-61882, a critical Oracle EBS vulnerability. Exposed data included full legal names, bank account numbers, Social Security numbers, tax identification numbers, and other payroll-related identifiers. The Washington Post is the same Oracle EBS vulnerability class that was exploited against University of Phoenix in August 2025 (Clop) and several other organizations in the Oracle EBS exploitation wave of 2025.