HANOVER, N.H. (WCAX) - A data breach at Dartmouth College compromised the personal information of roughly 40,000 people.
Dartmouth said an unknown person targeted Oracle’s eBusiness Suite software the college uses. Past and present students and employees are affected. Varying levels of personal information were potentially stolen.
Dartmouth is in the process of notifying everyone involved. Multiple other colleges and businesses were victims.
“Dartmouth is notifying and offering support to individuals whose data was included in this incident in accordance with applicable law,” said Dartmouth spokesperson Jana Barnello.
She added that the incident was not the result of any phishing attack on a member of the Dartmouth community or any other action or inaction on Dartmouth’s part.
Copyright 2025 WCAX. All rights reserved.
Source: https://www.wcax.com/2025/12/05/data-breach-dartmouth-college-compromises-information-40000-people/
TPRM report: https://www.rankiteo.com/company/dartmouth-college
"id": "dar1764958422",
"linkid": "dartmouth-college",
"type": "Breach",
"date": "2025-12-05T00:00:00.000Z",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': '40,000',
'industry': 'Education',
'location': 'Hanover, New Hampshire, USA',
'name': 'Dartmouth College',
'size': None,
'type': 'Educational Institution'}],
'attack_vector': 'Exploitation of Oracle’s eBusiness Suite '
'software',
'customer_advisories': 'Notifying and offering support to '
'affected individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '40,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Varying levels',
'type_of_data_compromised': 'Personal '
'information'},
'description': 'A data breach at Dartmouth College compromised '
'the personal information of roughly 40,000 '
'people. An unknown person targeted Oracle’s '
'eBusiness Suite software the college uses, '
'affecting past and present students and '
'employees with varying levels of personal '
'information potentially stolen.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Oracle’s eBusiness Suite '
'software'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'WCAX',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifying affected '
'individuals and offering '
'support',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unknown',
'title': 'Dartmouth College Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Oracle’s eBusiness Suite software '
'vulnerability'}}