Dartmouth College has confirmed a data breach involving personal information stolen from its Oracle E-Business Suite (EBS) servers, which was subsequently leaked by the Clop extortion gang on their dark web site. The private Ivy League research university, established in 1769 with a substantial $9 billion endowment as of mid-2025, notified the Maine Attorney General’s office that attackers exploited an Oracle EBS zero-day vulnerability to compromise data belonging to 1,494 individuals. The breach, which occurred between August 9 and August 12, 2025, involved the unauthorized actor accessing files containing names, Social Security numbers, and financial account information, according to letters sent to affected parties, though the total number of impacted individuals is likely much larger given the institution’s New Hampshire headquarters.
This breach is connected to a significantly larger extortion campaign orchestrated by the Clop ransomware and extortion group, which has been actively exploiting the zero-day flaw, identified as CVE-2025-61882, in Oracle EBS platforms since early August 2025. While Clop has not yet revealed the full scope of their campaign, security experts estimate dozens of organizations have likely been affected. The group’s method involves stealing sensitive files through the exploited flaw and subsequently pressuring victims to pay a ransom by threatening to leak the data.
Dartmouth is one of several high-profile victims in this specific Clop campaign, which has also successfully targeted Harvard University, the major news organization The Washington Post, technology firm Logitech, GlobalLogic, and American Airlines subsidiary Envoy Air. The sensitive data stolen from all these entities has also been leaked online by the Clop gang and made available for public download, typically via Torrent files. This aggressive operation demonstrates Clop’s continued focus on exploiting vulnerabilities in widely used enterprise software to maximize their data theft and extortion revenue.
The group behind the attack, Clop, has an established history of conducting massive, large-scale data theft operations by targeting zero-day vulnerabilities in common file transfer solutions. Notable previous campaigns include attacks leveraging flaws in Accellion FTA, GoAnywhere MFT, Cleo, and most recently, the devastating MOVEit Transfer vulnerability, which alone impacted more than 2,770 organizations globally. The continued sophistication and scale of Clop’s activities have led the U.S. Department of State to offer a reward of $10 million for any information linking the group’s attacks to a foreign government.
In addition to this major Oracle EBS exploit, Ivy League institutions have faced other security challenges in recent weeks, specifically from voice phishing (vishing) attacks. Harvard University, Princeton University, and the University of Pennsylvania have all disclosed incidents where hackers successfully breached internal systems used for essential development and alumni activities. These separate, but concerning, attacks led to the theft of personal information belonging to students, alumni, donors, staff, and faculty members across those elite universities, underscoring a persistent threat landscape for high-value targets in the education sector.
Reference:
