Yesterday, it was confirmed that 80,867 people were impacted in a data breach at Tulane University. The breach follows a ransomware incident in August 2025.
In its notification, Tulane University explained that the breach arose following a zero-day vulnerability in Oracle’s E-Business Suite application. Ransomware group Clop claimed responsibility for this exploit and added Tulane to its data leak site in November 2025.
Data affected includes:
- Names
- Social Security numbers
- Direct deposit and banking information
Tulane University uses Oracle for its human resources information and explains: “Upon learning of the zero-day vulnerability, Tulane immediately launched an investigation, notified law enforcement, and applied patches provided by Oracle to address the vulnerability in Oracle eBusiness Suite application.”
Anyone impacted is being offered complimentary access to Experian IdentityWorksSM, an identity theft protection service.
Who is Clop?
Clop (sometimes written Cl0p) is a prominent ransomware group that dates back to 2019. Many of Clop’s victims are derived from zero-day software vulnerabilities, with some of the most recent being the Oracle exploit and the Cleo file transfer software exploit. Clop targets any company using the vulnerable software, exploiting ones that may not have patched the vulnerability. In many cases, Clop seeks to steal data (rather than encrypt files), demanding a ransom to prevent the data from being leaked.
Throughout 2025, Clop added 458 victims to its data leak site. Of these, around 120 were attributed to the Oracle exploit. So far, over 30 of these companies have confirmed a breach following this exploit – six of these are educational institutions.
As well as Tulane University, the following have confirmed breaches:
- Harvard University, US – unknown number of people affected (41 in Massachusetts and 4 in New Hampshire confirmed)
- University of the Witwatersrand (Wits University), South Africa – unknown number of people affected
- Dartmouth College, US – 99,596 people affected
- The University of Pennsylvania, US – 46,491 people affected
- University of Phoenix, US – 3,489,274 people affected
So far this year, Clop has added 122 companies to its data leak site. One of these (CFDT in France) has been confirmed.
Ransomware attacks on US schools & colleges
In 2025, we noted 54 confirmed ransomware attacks on the US education sector. Across these attacks, over 4 million records have been affected.
This attack on Tulane University is the third-largest ransomware attack on a US education provider in 2025 (by records affected). The largest were the University of Phoenix and Dartmouth College, noted above.
Yesterday, the number of people impacted in a December 2025 attack on Goodwin University was also confirmed. Here, 56,156 people were affected with names, Social Security numbers, driver’s license numbers, state IDs, and personal health information impacted. Qilin claimed this attack.
10 attacks have been confirmed this year so far. We are also monitoring 76 unconfirmed attacks from 2025 and a further 20 throughout 2026.
Ransomware attacks on the education sector not only have the potential to cause mass data breaches but may also cause widespread disruption when systems are encrypted. Last month, Delano Public Schools had to cancel classes for a day following a ransomware attack. The hackers in this case haven’t claimed responsibility as of yet, despite Delano saying it hadn’t met the ransom demands.
About Tulane University
Tulane is a private university located in New Orleans, Louisiana. It was founded in 1834 as the Medical College of Louisiana. Today, it enrols around 13,000 to 15,000 students.