Dartmouth College reports data breach caused by exploit of Oracle E-Business Suite vulnerability

Dartmouth College is reporting a data breach claimed by the Clop extortion gang.

The attackers used CVE-2025-61882 (CVSS score 9.8) to gain unauthorized access to its Oracle EBS servers between August 9 and August 12, 2025. The compromised information included:

• Names
• Social Security numbers
• Financial account information

The breach impacted at least 1,494 individuals based on notifications filed with the Maine Attorney General's office, but the actual number of affected persons is likely substantially higher. The total number of affected individuals is not disclosed.

The institution began mailing notification letters to affected individuals on November 24, 2025, and is offering one year of complimentary credit monitoring services to those whose Social Security numbers were compromised.

Dartmouth has stated that it has applied all publicly available patches released by Oracle following the incident and plans to strengthen oversight of vendor security practices. 

Update - as of 27th of November 2025, the college reports that more than 35,000 people across multiple states were impacted by the attack.

As of 1st of December 2025, Dartmouth reported the breach exposed 31,742 New Hampshire residents and 12,701 Vermont residents. That brings the total impacted to over 44,000.