Dartmouth College has confirmed that a cybersecurity breach compromised the personal data of over 40,000 individuals, including nearly 32,000 in New Hampshire and more than 12,000 in Vermont, after hackers exploited a vulnerability in a widely used software system.
The attack, which occurred over a three-day span in early August, targeted the Oracle eBusiness Suite, software used by Dartmouth and other institutions to manage operations.
[RELATED: Dartmouth faculty denounce Trump admin’s higher ed compact as ‘fascist’ and ‘unconstitutional’]
A known ransomware group has claimed responsibility for the breach according to Valley News, which has reportedly affected over 100 organizations.
According to filings with state attorneys general, the compromised data includes names, Social Security numbers, and financial account details.
Dartmouth began notifying victims by mail last week and is offering a year of free identity protection through Experian.
[RELATED: Dartmouth president refuses to join Ivy League push against Trump, pledges institutional neutrality]
Dartmouth says the breach was not caused by phishing or internal user error. After Oracle disclosed the issue in October, the college launched an investigation and confirmed on Oct. 30 that sensitive data had been accessed. Officials said time was needed to review affected files and identify impacted individuals.
In response, Dartmouth has implemented all available security patches and set up a hotline for those affect
TPRM report: https://www.rankiteo.com/company/dartmouth-college
"id": "dar1764950537",
"linkid": "dartmouth-college",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '40,000+ '
'individuals '
'(32,000 in New '
'Hampshire, 12,000 '
'in Vermont)',
'industry': 'Higher Education',
'location': 'New Hampshire, USA',
'name': 'Dartmouth College',
'size': None,
'type': 'Educational Institution'}],
'attack_vector': 'Exploitation of software vulnerability',
'customer_advisories': 'Notifying victims by mail, offering free '
'identity protection through Experian',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '40,000+',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security '
'numbers',
'Financial account '
'details']},
'date_detected': '2023-10-30',
'description': 'Dartmouth College confirmed a cybersecurity '
'breach that compromised the personal data of '
'over 40,000 individuals after hackers exploited '
'a vulnerability in the Oracle eBusiness Suite '
'software system.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal data, including names, '
'Social Security numbers, and '
'financial account details',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': 'Oracle eBusiness Suite'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Implemented '
'all available '
'security '
'patches',
'root_causes': 'Exploitation of '
'Oracle eBusiness '
'Suite vulnerability'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Valley News',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Filings '
'with '
'state '
'attorneys '
'general'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifying victims by '
'mail, offering free '
'identity protection '
'through Experian, '
'setting up a hotline for '
'affected individuals',
'containment_measures': 'Implemented all available '
'security patches',
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Known ransomware group',
'title': 'Dartmouth College Cybersecurity Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Oracle eBusiness Suite '
'vulnerability'}