Harvard University investigates data breach linked to critical Oracle zero-day flaw

Harvard University is one of the first publicly identified victims in the data theft campaign orchestrated by the Clop ransomware gang, which exploited a critical zero-day vulnerability in Oracle's E-Business Suite (EBS) software. The university was listed on Clop's dark web data leak site on October 11, 2025.

The attack most probably exploited a critical vulnerability tracked as CVE-2025-61882 (CVSS score 9.8), which affects the Oracle Concurrent Processing product within Oracle E-Business Suite. 

Harvard University Information Technology spokesperson confirmed to security researchers that the institution is investigating the breach. The university acknowledged that data associated with Harvard was obtained as a result of the zero-day vulnerability in the Oracle E-Business Suite system, emphasizing that this issue has impacted many Oracle EBS customers and is not specific to Harvard. 

The institution states they believe the incident impacts a limited number of parties associated with a small administrative unit. No details are disclosed about number of affected individuals or exposed data. 

Update - as of 5th of February 2026, ShinyHunters apparently leaked Harvard's stolen data on the dark web, including admissions and fundraising information with high-value donor details such as Mark Zuckerberg ($604 million contributor) with his home address and private email, Michael Bloomberg ($422 million), and Steve Ballmer ($102 million), along with legal documents and strategic fundraising meeting notes.