Dartmouth College confirms data breach after Clop gang leaks stolen information

Dartmouth College disclosed a data breach after the Clop extortion group posted files allegedly taken from the school’s Oracle E-Business Suite servers on its dark web leak site. The private Ivy League research university, founded in 1769 and based in Hanover, New Hampshire, operates more than 40 academic departments and programs and serves over 4,000 undergraduates with a 7:1 student-faculty ratio. Its endowment stood at $9 billion as of June 30, 2025.

A breach notification filed with the office of Maine’s Attorney General states that attackers exploited a zero-day vulnerability in the Oracle E-Business Suite platform to obtain personal information belonging to 1,494 individuals. Dartmouth’s investigation found that an unauthorized actor removed files between August 9 and August 12, 2025. The review identified documents containing names and Social Security numbers, with notification letters mailed on October 30 to those affected. An appendix submitted to Maine authorities shows that the stolen data also included financial account information.

The overall impact is expected to extend beyond the group identified in the filing, as the school has not yet submitted a notice to New Hampshire regulators and serves a broader population than those listed in the current disclosure.

The exposure forms part of a wider extortion wave in which the Clop ransomware group has leveraged a zero-day flaw tracked as CVE-2025-61882 to steal sensitive files from Oracle EBS environments. The campaign began in early August and has affected multiple high-profile organizations. Targets whose leaked data is now circulating online include Harvard University, The Washington Post, Logitech, GlobalLogic, and Envoy Air, a subsidiary of American Airlines.

Clop has previously carried out large-scale data theft operations involving Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer, the latter impacting more than 2,770 organizations. The U.S. Department of State currently offers a $10 million reward for information linking the group’s activities to a foreign government.

Ivy League institutions have faced additional pressure in recent weeks. Harvard University, Princeton University, and the University of Pennsylvania each disclosed that a hacker accessed internal systems used for development and alumni operations, leading to the theft of personal information tied to students, alumni, donors, staff, and faculty.