Oracle and Tulane University: Tulane employees’ social security numbers, banking details exposed in data breach • The Tulane Hullabaloo

Tulane University Data Breach Exposes Employee and Student Worker Information

Tulane University has confirmed a data breach affecting multiple employees and student workers, exposing sensitive personal and financial information. The breach, disclosed in letters sent on April 2, revealed that names, Social Security numbers, and direct deposit banking details stored in Oracle’s E-Business Suite (EBS) were compromised.

The university first detected the breach on March 12, after unauthorized access occurred on August 10, 2025, exploiting a vulnerability in Oracle EBS. The attack may be linked to a flaw first exploited on August 9, 2025, which cybersecurity firms Google Threat Intelligence and Mandiant attribute to the Cl0p ransomware group, a Russian-speaking extortion operation. On November 19, 2025, Cl0p publicly claimed responsibility for the attack and threatened to release the stolen files, according to dark web monitoring site DeXpose.

Tulane had been using Oracle EBS until March 20, 2025, when it transitioned to Oracle Cloud. Following the breach, the university launched an investigation, notified law enforcement, and worked with Oracle and third-party cybersecurity vendors to address the vulnerability.

This incident follows two prior Oracle breaches in 2025: a January breach exposing over 140,000 Oracle Cloud users and six million sensitive records, and an April breach where hackers stole client login credentials. Tulane has expressed regret over the incident and stated that corrective measures have been implemented to prevent future occurrences. The total number of affected individuals remains unclear.

Source: https://tulanehullabaloo.com/74531/news/tulane-employees-social-security-numbers-banking-details-exposed-in-data-breach/

Tulane University cybersecurity rating report: https://www.rankiteo.com/company/tulane-university

Oracle cybersecurity rating report: https://www.rankiteo.com/company/oracle

"id": "TULORA1777415654",
"linkid": "tulane-university, oracle",
"type": "Vulnerability",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'Employees and student workers',
                        'industry': 'Education',
                        'name': 'Tulane University',
                        'type': 'University'}],
 'attack_vector': 'Exploitation of vulnerability in Oracle E-Business Suite '
                  '(EBS)',
 'customer_advisories': 'Letters sent to affected individuals on April 2, 2025',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers',
                                                         'Direct deposit '
                                                         'banking details'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Financial Information']},
 'date_detected': '2025-03-12',
 'date_publicly_disclosed': '2025-04-02',
 'description': 'Tulane University has confirmed a data breach affecting '
                'multiple employees and student workers, exposing sensitive '
                'personal and financial information. The breach revealed that '
                'names, Social Security numbers, and direct deposit banking '
                'details stored in Oracle’s E-Business Suite (EBS) were '
                'compromised.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Names, Social Security numbers, direct '
                                'deposit banking details',
            'identity_theft_risk': 'Yes',
            'payment_information_risk': 'Yes',
            'systems_affected': 'Oracle E-Business Suite (EBS)'},
 'initial_access_broker': {'entry_point': 'Oracle E-Business Suite (EBS) '
                                          'vulnerability'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Corrective measures have been implemented to prevent '
                    'future occurrences.',
 'motivation': 'Extortion',
 'post_incident_analysis': {'corrective_actions': 'Transitioned to Oracle '
                                                  'Cloud, implemented '
                                                  'corrective measures',
                            'root_causes': 'Exploitation of Oracle EBS '
                                           'vulnerability'},
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Cl0p'},
 'references': [{'source': 'Google Threat Intelligence and Mandiant'},
                {'source': 'DeXpose (dark web monitoring site)'}],
 'response': {'communication_strategy': 'Letters sent to affected individuals',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'remediation_measures': 'Addressed the vulnerability',
              'third_party_assistance': 'Oracle and third-party cybersecurity '
                                        'vendors'},
 'threat_actor': 'Cl0p ransomware group',
 'title': 'Tulane University Data Breach Exposes Employee and Student Worker '
          'Information',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Oracle EBS vulnerability'}