Description: Dartmouth College experienced a **data breach** between **August 9–12, 2025**, after cybercriminals exploited vulnerabilities in its inadequately secured network. The breach resulted in unauthorized access to sensitive personal information of **tens of thousands of individuals**, including **names, Social Security numbers, financial account details, and credit/debit card information**. The compromised data poses severe risks, such as **identity theft, financial fraud, and potential sale on the dark web**. A forensic investigation confirmed the breach, and Murphy Law Firm is now pursuing a **class action lawsuit** on behalf of affected individuals to recover damages. The exposure of such highly sensitive data undermines trust in the institution and leaves victims vulnerable to long-term exploitation by cybercriminals. The breach highlights critical failures in Dartmouth’s cybersecurity measures, raising concerns over its ability to protect personal and financial data from future attacks. Legal action is being evaluated to hold the institution accountable for negligence in safeguarding confidential information.

Description: Dartmouth College fell victim to a cyberattack targeting a zero-day vulnerability in Oracle E-Business Suite (EBS) software, exploited by the Russian cybercriminal group **Clop**. The breach occurred between **August 9–12, 2025**, resulting in the theft of sensitive personal and financial data belonging to **over 35,000 individuals** across multiple U.S. states, including **31,000 in New Hampshire alone**. Compromised information included **Social Security numbers, financial account details, and names**, exposing victims to risks like identity theft and fraud. Dartmouth notified regulators in Maine, California, Texas, and New Hampshire, offering affected individuals **one year of credit monitoring**. The attack was part of a broader campaign exploiting the same Oracle EBS flaw, impacting other high-profile organizations like **Cox Enterprises, Canon (U.S. subsidiary), Envoy Air, the Washington Post, and Harvard University**. Dartmouth applied Oracle’s security patch post-breach and involved law enforcement. The incident underscores the severe consequences of third-party software vulnerabilities in critical institutional systems, with long-term reputational and financial repercussions for the college and its stakeholders.

Description: Dartmouth College, an Ivy League research university, suffered a data breach in August 2025 after hackers exploited a zero-day vulnerability in its Oracle E-Business Suite software. The breach, attributed to the Clop (Cl0p) ransomware gang, compromised sensitive personal and financial data—including names, Social Security numbers, and financial account information—of over **35,000 individuals**, primarily affecting residents of New Hampshire (31,742 victims). While Dartmouth has not confirmed whether a ransom was paid, Clop publicly claimed responsibility on its leak site in November 2025, aligning with its pattern of data extortion rather than encryption. The attack targeted a widely used enterprise system, leveraging the same Oracle vulnerability exploited in prior breaches at institutions like Harvard, Canon, and Mazda. Dartmouth offered affected individuals free identity theft protection via Experian, acknowledging the severe risk of fraud and identity theft. The incident marks one of the largest ransomware attacks on a U.S. educational institution in 2025, underscoring vulnerabilities in higher education cybersecurity and the escalating threat posed by ransomware groups exploiting zero-day flaws.

Description: Dartmouth College suffered a major cybersecurity breach after the **Cl0p ransomware gang** exploited a **zero-day vulnerability (CVE-2025-61884)** in its **Oracle E-Business Suite (EBS)** system. The attackers gained unauthorized access between **August 9–12, 2025**, exfiltrating **226GB of sensitive data**, including **Social Security numbers (SSNs), bank account details (with routing numbers), personal names, and other PII** of at least **1,494 individuals** (primarily Maine residents), though the total impact is likely far larger. Despite Oracle releasing patches in **October 2025**, Dartmouth’s forensic investigation confirmed the breach only on **October 30, 2025**, with Cl0p later **leaking the stolen data** on its dark web site in **November 2025**. The incident highlights the gang’s targeted campaign against **higher education institutions** via unpatched EBS vulnerabilities, exposing victims to **identity theft, financial fraud, and long-term reputational harm**. The breach underscores critical failures in **patch management, access controls, and incident response** within the college’s ERP infrastructure.

Description: Dartmouth College, located just across the Connecticut River from Vermont in Hanover, New Hampshire, has notified more than 35,000 people that their personal information was stolen in a cyberattack this past summer. The breach affects current and former employees, students, and alumni—including many Vermonters who have worked at, attended, or have other ties to the Ivy League institution. Here’s what happened, what information was compromised, and what steps affected individuals should take to protect themselves. What Happened Between August 9 and August 12, 2025, hackers exploited a previously unknown security flaw—known as a “zero-day vulnerability”—in Oracle E-Business Suite software that Dartmouth uses to manage payroll, human resources, and financial operations. According to the college’s official notification, the attackers gained unauthorized access to the system and downloaded files containing sensitive personal data. The vulnerability, tracked as CVE-2025-61882, was not publicly known at the time of the attack, meaning Dartmouth had no way to patch the flaw before hackers exploited it. Cybersecurity researchers at CrowdStrike have attributed the attack to a cybercriminal group known as Cl0p, which has targeted numerous organizations worldwide using similar methods. Who Is Affected The breach impacts an estimated 35,000 or more individuals, according to The Record. This includes employees, former employees, students, alumni, and others whose information was stor

Description: A student walks on the campus of Dartmouth College in Hanover, New Hampshire, on March 5, 2024. Photo by Robert F. Bukaty/AP This story by Clare Shanahan was first published in the Valley News on Dec. 1, 2025. HANOVER — More than 40,000 people in Vermont and New Hampshire may have been impacted by a data breach in a system used by Dartmouth College. Last week, Dartmouth started mailing letters to the people whose personal information was included in data stolen over three days in early August. During that time, an “unauthorized actor” was able to access Dartmouth College files and take data, including “one or more” files that had personal information such as names, Social Security numbers and financial account information, according to reports Dartmouth filed with the offices of the attorneys general of New Hampshire and Vermont last week. The breach was part of a widespread attack on the Oracle eBusiness Suite, a platform Dartmouth and many other companies use to manage operations. A ransomware group has been taking credit for the attack and it has identified more than 100 companies impacted by the breach, according to reporting from SecurityWeek. “This incident was not the result of any ‘phishing’ attack on a member of the Dartmouth community or any other action or inaction on Dartmouth’s part,” college spokesperson Jana Barnello said. After Oracle reported the security breach in early October, Dartmouth launched an investigation “as quickly as possible” to identify t