Dartmouth College fell victim to a cyberattack that exploited a zero-day vulnerability in Oracle E-Business Suite (EBS) software and was carried out by the Russian cybercriminal group **Clop**. The breach occurred between **August 9 and 12, 2025**, and resulted in the theft of sensitive personal and financial data belonging to **over 35,000 individuals** across multiple U.S. states, including **31,000 in New Hampshire alone**. Compromised information included **Social Security numbers, financial account details, and names**, exposing victims to risks such as identity theft and fraud. Dartmouth notified regulators in Maine, California, Texas, and New Hampshire and offered affected individuals **one year of credit monitoring**. The attack was part of a broader campaign exploiting the same Oracle EBS flaw, which also affected other high-profile organizations, including **Cox Enterprises, Canon (U.S. subsidiary), Envoy Air, the Washington Post, and Harvard University**. Dartmouth applied Oracle’s security patch after the breach and involved law enforcement. The incident underscores the severe consequences of third-party software vulnerabilities in critical institutional systems, with long-term reputational and financial repercussions for the college and its stakeholders.
Source: https://therecord.media/dartmouth-data-breach-thousands
Dartmouth College cybersecurity rating report: https://www.rankiteo.com/company/dartmouth-college
"id": "DAR5402054112725",
"linkid": "dartmouth-college",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '35,000+ (31,000 in New '
'Hampshire, 1,494 in Maine, '
'1,956 in Texas)',
'industry': 'Higher Education',
'location': 'Hanover, New Hampshire, USA',
'name': 'Dartmouth College',
'type': 'Educational Institution'},
{'industry': 'Media & Communications',
'location': 'USA',
'name': 'Cox Enterprises',
'type': 'Corporation'},
{'industry': 'Technology/Manufacturing',
'location': 'USA',
'name': 'Canon (U.S. subsidiary)',
'type': 'Corporation'},
{'industry': 'Aviation',
'location': 'USA',
'name': 'Envoy Air',
'type': 'Airline'},
{'industry': 'News/Publishing',
'location': 'USA',
'name': 'The Washington Post',
'type': 'Media Organization'},
{'industry': 'Higher Education',
'location': 'Cambridge, Massachusetts, USA',
'name': 'Harvard University',
'type': 'Educational Institution'}],
'attack_vector': ['software vulnerability (Oracle EBS)', 'zero-day exploit'],
'customer_advisories': ['Victims offered 1 year of credit monitoring'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '35,000+',
'personally_identifiable_information': ['Social Security '
'numbers',
'names',
'financial account '
'data'],
'sensitivity_of_data': 'High (includes SSNs and financial '
'account data)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data']},
'description': 'More than 35,000 people across multiple states had '
'information stolen by hackers who attacked Dartmouth College '
'during a campaign against Oracle E-Business Suite (EBS) '
'software. The breach was part of a broader Russian '
'cybercriminal operation targeting EBS, with the Clop gang '
'leaking stolen data. Affected information includes Social '
'Security numbers, financial account data, and names. '
"Dartmouth installed Oracle's patch for the zero-day "
'vulnerability and offered victims one year of credit '
'monitoring.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'breach of sensitive data',
'data_compromised': ['Social Security numbers',
'financial account data',
'names'],
'identity_theft_risk': 'High (SSNs and financial data exposed)',
'payment_information_risk': 'Moderate (financial account data '
'exposed)',
'systems_affected': ['Oracle E-Business Suite (EBS)']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': 'Zero-day vulnerability in Oracle '
'E-Business Suite (EBS)',
'high_value_targets': ['Educational institutions',
'corporations using Oracle '
'EBS']},
'investigation_status': "Completed (as of Dartmouth's disclosure)",
'motivation': 'Financial gain (data theft for extortion/leak)',
'post_incident_analysis': {'corrective_actions': ['Applied Oracle-provided '
'patch',
'Offered credit monitoring '
'to victims'],
'root_causes': ['Exploitation of unpatched '
'zero-day vulnerability in Oracle '
'EBS']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Recorded Future News'},
{'source': 'Dartmouth College regulatory filings (Maine, '
'California, Texas, New Hampshire)'},
{'source': 'CISA Advisory on Oracle EBS Vulnerability'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine',
'California',
'Texas',
'New Hampshire']},
'response': {'communication_strategy': ['Filed notices with regulators in '
'Maine, California, Texas, and New '
'Hampshire'],
'containment_measures': ['Installed Oracle-provided patch for '
'the zero-day vulnerability'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Offered 1 year of credit monitoring to '
'victims']},
'threat_actor': ['Clop cybercriminal gang', 'Russian cybercriminal operation'],
'title': 'Dartmouth College Data Breach via Oracle E-Business Suite Exploit',
'type': ['data breach', 'cyberattack', 'zero-day exploit'],
'vulnerability_exploited': 'Zero-day vulnerability in Oracle E-Business Suite '
'(EBS)'}