Data Breaches

Dartmouth College Confirms Data Theft in Oracle Hack

Dartmouth College has disclosed a data breach after cybercriminals leaked over 226 Gb of files stolen from the university.

Dartmouth College data breach

Dartmouth College on Tuesday confirmed suffering a data breach after cybercriminals targeted its Oracle E-Business Suite (EBS) instance.

The Ivy League research university said it uses Oracle EBS to manage its operations, and its EBS instance was targeted in the recent zero-day attack between August 9 and August 12. 

Dartmouth College determined in late October that the attackers managed to exfiltrate files containing personal and financial information, including Social Security numbers.

The university told the Maine Attorney General that nearly 1,500 residents of the state are impacted. In New Hampshire, authorities were told that more than 31,000 people are affected. The total number of affected people has not been disclosed.

The Cl0p ransomware group, which is the public-facing entity taking credit for the Oracle EBS campaign, has been listing victims on its leak website. 

More than 100 alleged victims have been named to date, and for more than half cybercriminals have leaked data allegedly stolen from their systems. 

Advertisement. Scroll to continue reading.

In the case of Dartmouth, the cybercriminals made public 226 Gb of archives containing files allegedly stolen from the university. SecurityWeek has not downloaded the files, but a brief file tree and metadata analysis suggests that the data does come from Dartmouth. 

In addition to Dartmouth, the Cl0p website names Southern Illinois University, Harvard University, and Tulane University as victims of the Oracle hack. Harvard already confirmed that it was hit. Southern Illinois University was also targeted in the 2023 MOVEit campaign, which was attributed to the same threat actor.

Canon and Mazda confirmed to SecurityWeek in recent days that they have also been targeted in the Oracle campaign, but the carmaker said it found no evidence of data leakage.

Related: Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims

Related: Logitech Confirms Data Breach Following Designation as Oracle Hack Victim

Related: Washington Post Says Nearly 10,000 Employees Impacted by Oracle Hack

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Vulnerabilities

The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version