Dartmouth College

Dartmouth College, a prestigious Ivy League institution, suffered a significant data breach in early August when the Clop extortion group exploited a zero-day vulnerability (CVE-2025-61882) in its Oracle E-Business Suite system. The attackers accessed confidential files over a three-day window (August 9–12), exfiltrating personal and financial data, including Social Security numbers (belonging to 1,494+ confirmed individuals) and bank account details. The breach was part of a broader Clop campaign targeting elite institutions by leveraging the same Oracle flaw to steal sensitive data without encrypting systems. While Dartmouth has not confirmed a ransom demand, the incident aligns with Clop’s shift toward data-theft extortion, in which victims face public exposure of the stolen data if they refuse to pay. The breach underscores vulnerabilities in higher education’s legacy IT systems, compounded by decentralized security practices. The full scope of the impact remains unclear, but the exposed data poses long-term identity theft risks for affected individuals, including students, faculty, and alumni. The university has begun notifying victims and advising credit monitoring, though the lack of transparency around ransom negotiations leaves critical questions unanswered.

Source: https://the420.in/dartmouth-college-data-breach-clop-oracle-zero-day-cyberattack/

CERIAS at Purdue University cybersecurity rating report: https://www.rankiteo.com/company/cerias

{
  "id": "CER35102735112625",
  "linkid": "cerias",
  "type": "Cyber Attack",
  "date": "8/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}

{
  "affected_entities": [
    {
      "customers_affected": "1,494+ individuals (expected to grow)",
      "industry": "Higher Education",
      "location": "Hanover, New Hampshire, USA",
      "name": "Dartmouth College",
      "size": "Medium (Ivy League, $9 billion endowment)",
      "type": "Educational Institution (University)"
    }
  ],
  "attack_vector": "Exploitation of Oracle E-Business Suite Zero-Day Vulnerability (CVE-2025-61882)",
  "customer_advisories": [
    "Affected individuals advised to take steps to protect against identity theft (e.g., credit monitoring)."
  ],
  "data_breach": {
    "data_exfiltration": true,
    "number_of_records_exposed": "1,494+ (expected to increase)",
    "personally_identifiable_information": [
      "Names",
      "Social Security Numbers (SSNs)",
      "Bank Account Information"
    ],
    "sensitivity_of_data": "High (SSNs, bank account information)",
    "type_of_data_compromised": [
      "Personally Identifiable Information (PII)",
      "Financial Data"
    ]
  },
  "date_detected": "2025-08-12",
  "date_publicly_disclosed": "2025-11-01",
  "description": "Dartmouth College, an Ivy League institution, disclosed a significant data breach after the Clop extortion group exploited a zero-day vulnerability (CVE-2025-61882) in its Oracle E-Business Suite systems. The attack, detected in early August 2025, exposed personal and financial data of at least 1,494 individuals, including names and Social Security numbers. The breach is part of a broader campaign by Clop targeting elite institutions and major companies, leveraging data theft rather than encryption for extortion. The university has not disclosed whether a ransom was demanded or paid.",
  "impact": {
    "brand_reputation_impact": "High (Ivy League institution, sensitive data exposure)",
    "data_compromised": true,
    "identity_theft_risk": "High (SSNs and bank account details compromised)",
    "legal_liabilities": "Potential (exposure of PII, including SSNs and bank account information)",
    "payment_information_risk": "High (bank account information exposed)",
    "systems_affected": ["Oracle E-Business Suite"]
  },
  "initial_access_broker": {
    "data_sold_on_dark_web": "Likely (Clop's dark-web leak site published stolen files)",
    "entry_point": "Oracle E-Business Suite Zero-Day Vulnerability (CVE-2025-61882)",
    "high_value_targets": ["Financial data", "PII (SSNs, bank accounts)"]
  },
  "investigation_status": "Ongoing (federal investigators involved, but no public details released)",
  "lessons_learned": "The breach highlights the vulnerability of higher-education institutions to sophisticated ransomware groups exploiting zero-day vulnerabilities in legacy systems like Oracle E-Business Suite. Decentralized IT environments and resource constraints further exacerbate risks, particularly for institutions storing decades of sensitive personal and financial data. The shift from encryption-based ransomware to pure data theft tactics reduces operational disruption but increases extortion pressure and long-term reputational/legal risks.",
  "motivation": ["Financial Gain", "Data Extortion"],
  "post_incident_analysis": {
    "root_causes": [
      "Exploitation of unpatched zero-day vulnerability in Oracle E-Business Suite.",
      "Delayed detection (3-day window for data exfiltration).",
      "Complex IT environment combining legacy and modern systems (common in higher education).",
      "Targeted campaign by Clop leveraging a known flaw across multiple high-profile victims."
    ]
  },
  "ransomware": {"data_exfiltration": true, "ransomware_strain": "Clop"},
  "recommendations": [
    "Patch management for zero-day vulnerabilities in critical enterprise systems (e.g., Oracle E-Business Suite).",
    "Enhanced monitoring for unusual data access patterns, especially in legacy systems.",
    "Segmentation of high-value administrative systems (e.g., finance, alumni databases) from broader campus networks.",
    "Proactive threat intelligence sharing with peer institutions (e.g., Ivy League cybersecurity collaborations).",
    "Regular security audits for systems storing PII/financial data, with prioritization for endowment-rich targets.",
    "Employee training to mitigate phishing risks (complementary to zero-day exploit defenses).",
    "Preparation for data breach response, including legal, PR, and victim notification protocols."
  ],
  "references": [
    {"date_accessed": "2025-11-01", "source": "Dartmouth College Breach Notification (Maine Attorney General Filing)"},
    {"date_accessed": "2025-11-01", "source": "Cybersecurity Analysts (Google Threat Intelligence Group)"},
    {"date_accessed": "2025-11-01", "source": "U.S. State Department Reward Announcement for Clop Ransomware Group"}
  ],
  "regulatory_compliance": {
    "regulatory_notifications": ["Maine Attorney General (breach notification)"]
  },
  "response": {
    "communication_strategy": [
      "Regulatory filings (Maine Attorney General)",
      "Public disclosure via media",
      "Direct mail notifications to victims"
    ],
    "incident_response_plan_activated": true,
    "law_enforcement_notified": "Likely (federal investigators involved, but details not disclosed)",
    "recovery_measures": ["Notification letters sent to affected individuals (starting November 2025)"]
  },
  "stakeholder_advisories": ["Victims notified via mail to monitor accounts for identity theft."],
  "threat_actor": "Clop Ransomware Group",
  "title": "Dartmouth College Data Breach via Oracle E-Business Suite Exploit by Clop Ransomware Group",
  "type": ["Data Breach", "Ransomware (Data Theft)"],
  "vulnerability_exploited": "CVE-2025-61882 (Oracle E-Business Suite Zero-Day)"
}