Dartmouth College today confirmed it notified more than 35,000 people of an August 2025 data breach that compromised names, Social Security numbers, and financial account info.
The state attorneys general of Maine, New Hampshire, and Texas have disclosed breach figures, and we expect more in the coming days. New Hampshire accounts for the majority of victims so far with 31,742 residents notified.
Dartmouth said hackers exploited a zero-day vulnerability in the Oracle E-Business Suite software, which large enterprises use to manage finances and human resources.
Ransomware gang Clop (“Cl0p”) took credit for the attack on its data leak site on November 11, 2025. Cl0p recently claimed responsibility for a spate of data breaches that exploited the same Oracle vulnerability.
Dartmouth has not verified Clop’s claim. We do not know if Dartmouth paid a ransom, how much Clop demanded, or how attackers breached Dartmouth’s network. Comparitech contacted Dartmouth for comment and will update this article if it replies.
“We recently completed an investigation of a data security incident that involved our Oracle eBusiness Suite (“EBS”) software,” Dartmouth says in its notice to victims.
“Through the investigation, we determined that an unauthorized actor took certain files between August 9, 2025, and August 12, 2025.”
Dartmouth is offering eligible victims free identity theft protection through Experian. The deadline to enroll is February 28, 2026.
Who is Clop?
Clop, or Cl0p, is a high-profile ransomware group that first surfaced in 2019. It specializes in exploiting zero-day software vulnerabilities, most recently in Oracle’s E-Business Suite and the Cleo file transfer software. Cl0p targets any organization using the vulnerable software. Like some other ransomware groups, Clop doesn’t always encrypt files. Instead, Clop steals data and then demands a ransom to not publish or sell it.
Clop has taken credit for 450 ransomware attacks in 2025 to date. More than 100 of those exploited the Oracle E-Business Suite zero-day.
17 of Clop’s claimed attacks this year have been publicly acknowledged by the targeted organizations, and 13 of those exploited the same Oracle vulnerability. They include:
- Harvard University (US)
- Wits University (South Africa)
- Envoy Air (US)
- Ansell Limited (Australia)
- The Washington Post (US)
- GlobalLogic (US)
- Hampton Roads Sanitation District (US)
- David Yurman Enterprises (US)
- Sato Corporation (Japan)
- Cox Enterprises (US)
- Canon (US)
- Mazda Motor Corporation (Japan)
Ransomware attacks on US education
Comparitech researchers have logged 42 confirmed ransomware attacks on US schools, colleges, and other educational institutions in 2025 so far, compromising 219,000 records.
Clop’s attack on Dartmouth is the second-largest such attack by number of records affected. The Cherokee County School District notified 46,119 people after a March 2025 data breach claimed by Interlock.
Yesterday, ransomware gang Qilin said it breached Lake Superior State University. The school disclosed a ransomware attack earlier this month.
Ransomware attacks on schools can steal data and lock down computer systems. In Clop’s case, it might just be the former. Data extortion forces businesses to pay a ransom for the ransomware gang to delete the stolen data. If the company doesn’t pay, then the ransomware group sells or publicly releases the data.
About Dartmouth College
Dartmouth College is a private Ivy League research university in New Hampshire. It enrolls about 6,700 students and employs roughly 4,000 people, according to external sources.
