Dartmouth College has confirmed it was the victim of a zero-day data breach via Oracle’s E-Business Suite (EBS) applications, after the Clop ransomware gang leaked its stolen data.
“We recently completed an investigation of a data security incident that involved our Oracle eBusiness Suite (‘EBS’) software,” the university stated.
The Ivy League college is among hundreds of organizations impacted by the widespread Oracle EBS hack carried out by the Russian-speaking ransomware gang.
Dartmouth College confirms data breach via Oracle E-Business Suite
According to a cyber incident notice filed with the Office of the Maine Attorney General, the data breach impacted 1,494 state residents. In New Hampshire, the university informed state regulatory authorities that 31,742 residents were affected. The university has also filed similar data breach notifications in Texas and California. In the Lone Star state, 1,956 people were impacted.
Dartmouth says the attackers exfiltrated data between August 9, 2025, and August 12. The Ivy League institution with a $9 billion endowment as of June 2025, responded by initiating its incident response protocols, engaging third-party cyber forensics, and notifying law enforcement. On November 24, 2025, the elite university also began sending written notices to impacted individuals.
“Through the investigation, we determined that an unauthorized actor took certain files between August 9, 2025, and August 12, 2025,” it stated. “We reviewed the files and on October 30, 2025, identified one or more that contained your name and Social Security number.”
Details leaked include names, Social Security numbers, and financial account information. As a consolation, Dartmouth is offering one year of free identity theft protection services to individuals whose Social Security Numbers were exposed. It has also established a toll-free number to support the victims in navigating the data breach.
Additionally, the university asserted that it applied security fixes released by Oracle and would enhance its vendor vetting process to prevent a similar data breach.
“To help prevent a similar incident from occurring in the future, Dartmouth has implemented all publicly available patches provided following the incident for the Oracle EBS software and will continue to vet their vendors’ data security practices,” the university said.
Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) has warned of a new Oracle flaw being exploited in the wild and added it to its Known Exploited Vulnerability to Catalog.
CVE-2025-61757 is a critical (CVSS 9.8) vulnerability in Oracle Fusion Middleware that could allow an unauthenticated attacker to compromise the Identity Manager.
“What’s striking about the Harvard and Dartmouth breaches is that two completely different attack vectors (vishing and Oracle EBS zero-day exploitation) successfully targeted the same type of data at similar institutions within weeks, demonstrating that alumni and donor databases are being systematically targeted through multiple methods simultaneously,” stated Michael Bell, Founder & CEO, Suzu Labs. “These databases are gold mines: they contain high-net-worth individuals’ contact information, giving history that reveals financial capacity, and relationship networks enabling sophisticated social engineering and fraud.”
Growing list of Oracle EBS hack victims
The widespread hack, which began in early August 2025, exploits a critical (CVSS 9.8) zero-day vulnerability, CVE-2025-61882, in Oracle E-Business Suite applications. It allows an unauthenticated attacker to compromise Oracle Concurrent Processing via HTTP.
Besides Dartmouth, Harvard University, Southern Illinois University, and Tulane University were impacted by the Oracle EBS data breach.
Other victims of the Clop Oracle EBS hack include GlobalLogic, American Airlines subsidiary Envoy Air, Canon, Mazda, The Washington Post, and Logitech. The group lists over 100 organizations on its data leak site.
Previously, the Clop ransomware gang has exploited managed file transfer applications Accellion FTA, Cleo, GoAnywhere MFT, and MOVEit Transfer.
