At least 35,000 impacted by Dartmouth College breach through Oracle EBS campaign

More than 35,000 people across multiple states had information stolen by hackers who attacked Dartmouth College during a campaign against a popular line of software from Oracle. 

The Ivy League college did not respond to requests for comment but filed notices with regulators in Maine, California, Texas and New Hampshire. The school said it recently completed an investigation into an incident involving Oracle E-Business Suite (EBS) software, which was targeted by a Russian cybercriminal operation this summer.

Dartmouth officials said they use EBS to manage operations and notified law enforcement when they realized they were impacted by the hacking campaign against it. 

“Through the investigation, Dartmouth determined that an unauthorized actor took certain files between August 9, 2025 and August 12, 2025,” the school said in letters to regulators in New Hampshire, where more than 31,000 victims are based. 

Some of the leaked information includes Social Security numbers, financial account data and names. Victims are being given one year of access to credit monitoring services. 

They noted they have installed the patch issued by Oracle to deal with the zero-day vulnerability that impacted EBS software. 

Dartmouth did not respond to requests for comment about how many people in total were impacted by the campaign. In addition to the 31,000 people in New Hampshire, 1,494 victims live in Maine and 1,956 are in Texas. 

The Clop cybercriminal gang has spent weeks leaking data stolen from victims through EBS, with several prominent organizations confirming the legitimacy of the information. 

Over the last week, Cox Enterprises confirmed it was affected by the campaign and a spokesperson for Japanese tech manufacturer Canon confirmed to Recorded Future News that a subsidiary of its corporate arm in the U.S. had information stolen. 

So far, regional airline Envoy Air, the Washington Post and Harvard University have confirmed that information was stolen from their systems through the Oracle vulnerability. 

Last Friday, the Cybersecurity and Infrastructure Security Agency (CISA) said a new vulnerability impacting Oracle software is being exploited by hackers. 

Dartmouth became the latest school to confirm a breach this week after Harvard University warned on Saturday of a separate incident where officials discovered hackers accessed IT systems used by its Alumni Affairs and Development office through a “phone-based phishing attack.”

The university said the hackers accessed data about alumni, their spouses or partners, donors to Harvard, parents of current and former students, as well as some current students, faculty and staff. 

The information accessed includes email addresses, phone numbers, home addresses, details on donations and biographical information on alumni. 

The school added that the systems did “not generally contain Social Security numbers, passwords, payment card information, or financial account numbers.”

In addition to Dartmouth and Harvard, multiple other Ivy League schools have reported cybersecurity incidents this year, including Columbia University and the University of Pennsylvania.