Dartmouth School has disclosed a data breach after the Clop extortion gang leaked information allegedly stolen from the college’s Oracle E-Enterprise Suite servers on its darkish net leak web site.
The non-public Ivy League analysis college, based in 1769, has an endowment of $9 billion as of June 30, 2025, over 40 educational departments and applications, and greater than 4,000 undergraduate college students, with a 7:1 undergraduate-to-faculty ratio.
In a breach notification letter filed with the workplace of Maine’s Lawyer Common, Dartmouth says the attackers exploited an Oracle E-Enterprise Suite (EBS) zero-day vulnerability to steal private data belonging to 1,494 people.
Nevertheless, the full variety of folks doubtlessly impacted by this data breach is probably going a lot bigger, provided that the college is headquartered in Hanover, New Hampshire, and it hasn’t but filed a breach discover with the state’s Lawyer Common.
“By way of the investigation, we decided that an unauthorized actor took sure recordsdata between August 9, 2025, and August 12, 2025. We reviewed the recordsdata and on October 30, 2025, recognized a number of that contained your identify and Social Safety quantity,” the faculty says in letters mailed to these affected by the info leak.
In a separate appendix filed with Maine’s AG, Dartmouth added that the risk actors additionally stole paperwork containing the monetary account data of impacted people.
A Dartmouth School spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier in the present day concerning the ransom demanded by the Clop gang and the full variety of people impacted by the breach
The incident is a part of a a lot bigger extortion marketing campaign wherein the Clop ransomware gang has exploited a zero-day flaw (CVE-2025-61882) since early August 2025 to steal delicate recordsdata from many victims’ Oracle EBS platforms.
Whereas Clop has but to reveal the full variety of impacted organizations, Google Risk Intelligence Group chief analyst John Hultquist has instructed BleepingComputer that dozens of organizations have been seemingly breached.
In the identical marketing campaign, the extortion group has additionally focused Harvard College, The Washington Put up, Logitech, GlobalLogic, and American Airways subsidiary Envoy Air, with their information additionally leaked on-line and now accessible for obtain by way of Torrent.
Prior to now, Clop has additionally been behind information theft assaults focusing on Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Switch, the latter impacting over 2,770 organizations. The U.S. Division of State now gives a $10 million reward for data tying the gang’s assaults to a international authorities.
In latest weeks, Ivy League faculties have additionally been focused by voice phishing assaults, with Harvard College, Princeton College, and the College of Pennsylvania disclosing {that a} hacker breached inner techniques used for improvement and alumni actions to steal the private data of scholars, alumni, donors, employees, and college members.
Whether or not you are cleansing up outdated keys or setting guardrails for AI-generated code, this information helps your staff construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
