Clop’s Oracle EBS rampage reaches Dartmouth College

November 25, 2025 TH Author

Dartmouth College has confirmed it’s the latest victim of Clop’s Oracle E-Business Suite (EBS) smash-and-grab.

According to a breach notification filed with Maine’s attorney general, the New Hampshire Ivy League university says crooks exploited a now-patched zero-day in Oracle EBS and made off with data from its environment between August 9 and August 12. Dartmouth’s review found that at least 1,494 Maine residents had their names, Social Security Numbers, and, in some cases, financial account information stolen, though it hasn’t said how many people were affected overall.

The letter notes that Dartmouth immediately secured its systems, notified law enforcement, and later confirmed that multiple files had been exfiltrated during the three-day window. The university began sending out notification letters on November 24 and is offering one year of credit monitoring to those whose SSNs were exposed.

Dartmouth’s admission cements what has already become clear: Clop’s Oracle EBS raid was a sprawling campaign with a long list of victims. Earlier this month, The Washington Post disclosed that nearly 10,000 employees and contractors were caught up in the same wave of attacks, which followed earlier confirmations from the likes of Hitachi-owned GlobalLogic and Allianz UK.

Earlier this week, Cox Enterprises also came out as a victim, saying Clop had bagged the data of almost 10,000 individuals.

Clop’s MO has become all too familiar. The Russia-linked cybercrime crew has repeatedly targeted widely deployed enterprise platforms, hammering away at zero-days at an industrial scale and then shaking down victims via data theft rather than encryption. Its EBS campaign looks to have been no exception, and the number of victims continues to grow.

As if Oracle users needed more bad news, a separate actively exploited zero-day in Oracle Identity Manager was added to CISA’s Known Exploited Vulnerabilities catalog this week. That flaw, CVE-2025-61757, earned a mandatory December 12 patch deadline for federal agencies after researchers found that attackers had been exploiting it in the wild months before Oracle issued a fix – another reminder that Oracle shops remain a high-value target.

Dartmouth told affected individuals it has now applied all the “publicly available patches” Oracle released after the incident and plans to tighten oversight of its vendors’ security practices.

But the scope of the compromise remains unknown beyond the Maine tally, and the school’s notification suggests further exposure elsewhere.

With the Oracle EBS victim count continuing to grow, Dartmouth’s disclosure is just the latest entry in a long, messy queue – and one that organizations running Oracle estates may yet find themselves joining. ®