Dartmouth College confirms data breach after Clop extortion attack

Dartmouth College has disclosed a data breach after the Clop extortion gang published, on its dark web leak site, data allegedly stolen from the school’s Oracle E-Business Suite servers.

The private Ivy League research university, founded in 1769, has an endowment of $9 billion as of June 30, 2025, over 40 academic departments and programs, and more than 4,000 undergraduate students, with a 7:1 undergraduate-to-faculty ratio.

In a breach notification letter filed with the office of Maine’s Attorney General, Dartmouth says the attackers exploited an Oracle E-Business Suite (EBS) zero-day vulnerability to steal personal information belonging to 1,494 individuals.

However, the total number of people potentially impacted by this data breach is likely much larger, given that the school is headquartered in Hanover, New Hampshire, and it hasn’t yet filed a breach notice with the state’s Attorney General.

“Through the investigation, we determined that an unauthorized actor took certain files between August 9, 2025, and August 12, 2025. We reviewed the files and on October 30, 2025, identified one or more that contained your name and Social Security number,” the college says in letters mailed to those affected by the data leak.

In a separate appendix filed with Maine’s AG, Dartmouth added that the threat actors also stole documents containing the financial account information of impacted individuals.

A Dartmouth College spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today regarding the ransom demanded by the Clop gang and the total number of individuals impacted by the breach.

Dartmouth College entry on Clop’s leak site (BleepingComputer)

The incident is part of a much larger extortion campaign in which the Clop ransomware gang has exploited a zero-day flaw (CVE-2025-61882) since early August 2025 to steal sensitive files from many victims’ Oracle EBS platforms.

While Clop has yet to disclose the total number of impacted organizations, Google Threat Intelligence Group chief analyst John Hultquist has told BleepingComputer that dozens of organizations were likely breached.

In the same campaign, the extortion group has also targeted Harvard University, The Washington Post, Logitech, GlobalLogic, and American Airlines subsidiary Envoy Air, with their data also leaked online and now available for download via Torrent.

In the past, Clop has also been behind data theft attacks targeting Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer, the latter impacting over 2,770 organizations. The U.S. Department of State now offers a $10 million reward for information tying the gang’s attacks to a foreign government.

In recent weeks, Ivy League schools have also been targeted by voice phishing attacks, with Harvard University, Princeton University, and the University of Pennsylvania disclosing that a hacker breached internal systems used for development and alumni activities to steal the personal information of students, alumni, donors, staff, and faculty members.
