The personal information of almost 10,000 current and former employees of the Post may have been compromised.
The data breach occurred between July and August, and The Washington Post notified those impacted last month. | Andrew Harnik/Getty Images By Maggie Miller 12/05/2025 03:56 PM EST
A former employee of The Washington Post filed a class action lawsuit against the outlet on Friday over a recent breach that compromised the personal data of thousands of current and former employees.
Jun Hee Kim, who according to the filing worked at the Post from 2018 to 2019, filed the suit on behalf of the almost 10,000 current and former employees, and says the Post did not adequately secure their personal data.
The Post disclosed the breach earlier this year. It noted that around 9,700 individuals were impacted by the hack, and their personal data, including names, Social Security numbers and banking information, may have been compromised. The breach occurred between July and August, and the news organization notified those impacted last month.
Source: https://www.politico.com/news/2025/12/05/washington-post-lawsuit-data-breach-00678978
The Washington Post cybersecurity rating report: https://www.rankiteo.com/company/washingtonpost
"id": "WAS1764972327",
"linkid": "washingtonpost",
"type": "Breach",
"date": "8/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '9,700 current and '
'former employees',
'industry': 'News and Media',
'location': None,
'name': 'The Washington Post',
'size': None,
'type': 'Media Organization'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '9,700',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security '
'numbers',
'Banking '
'information']},
'date_publicly_disclosed': '2025-12-05',
'description': 'The personal information of almost 10,000 '
'current and former employees of The Washington '
'Post may have been compromised in a data breach '
'that occurred between July and August. The '
'breach exposed names, Social Security numbers, '
'and banking information.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal data, including names, '
'Social Security numbers, and '
'banking information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit filed',
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': '2025-12-05',
'source': 'Politico',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Class action lawsuit '
'filed',
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notified impacted '
'individuals last month',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Washington Post Employee Data Breach',
'type': 'Data Breach'}