Dartmouth College has disclosed a data breach after the Clop extortion group posted files it said were taken from the school’s Oracle E-Business Suite servers on a dark web leak site. The college said the incident involved exploitation of a zero-day vulnerability affecting Oracle E-Business Suite.
In a breach notification letter filed with the office of Maine’s Attorney General, Dartmouth said the attackers took certain files between August 9, 2025, and August 12, 2025, and that its review identified records for 1,494 individuals that included names and Social Security numbers.
An appendix to the filing said the threat actors also stole documents that contained the financial account information of impacted individuals. The college said letters were mailed to affected people on October 30, 2025. A Dartmouth spokesperson was not immediately available for comment when contacted about the ransom demand or the total number of people affected.
Security researchers and incident reports say the Clop gang has been exploiting a critical Oracle E-Business Suite flaw (tracked as CVE-2025-61882) since early August to steal sensitive files from multiple victims. The campaign has been linked to breaches at other large organisations and follows prior Clop operations that abused other enterprise file transfer products.
Dartmouth is headquartered in Hanover, New Hampshire, and the college said it has not yet submitted a state breach notice; it has not filed a notice with New Hampshire authorities, according to the state’s guidance page at the Attorney General’s office hasn’t yet filed a breach notice. The full scope of the campaign and the total number of individuals affected remain unclear.