Clop’s Oracle EBS rampage reaches Dartmouth College
Summary
Dartmouth College has confirmed it was breached after criminals exploited a now-patched zero-day in Oracle E-Business Suite (EBS). The university says the intrusion occurred between 9 and 12 August and that multiple files were exfiltrated during that window.
A breach notification filed with Maine’s attorney general states at least 1,494 Maine residents had names and Social Security numbers stolen, and some also had financial account information exposed. Dartmouth began sending notification letters on 24 November and is offering one year of credit monitoring to those affected.
The disclosure adds Dartmouth to a growing list of victims in Clop’s wide-ranging Oracle EBS campaign — organisations already reported include The Washington Post, GlobalLogic, Allianz UK, Cox Enterprises and others. The Russia-linked Clop gang has been exploiting enterprise platforms at scale, prioritising data theft for extortion rather than encryption.
Separately, an Oracle Identity Manager vulnerability (CVE-2025-61757) was added to CISA’s Known Exploited Vulnerabilities list with a federal patch deadline of 12 December, underscoring continued risk for Oracle estates. Dartmouth says it has applied available Oracle patches and will tighten vendor security oversight, though the full scope beyond the Maine tally remains unclear.
Key Points
- Clop exploited a now-patched Oracle EBS zero-day to access Dartmouth’s environment between 9 and 12 August.
- At least 1,494 Maine residents had names and Social Security numbers stolen; some also had financial account data exposed.
- Dartmouth notified affected individuals on 24 November and is offering one year of credit monitoring for exposed SSNs.
- Clop’s campaign has hit many organisations globally, showing industrial-scale exploitation of enterprise software.
- An Oracle Identity Manager vulnerability (CVE-2025-61757) was added to CISA’s KEV with a 12 December patch deadline, highlighting ongoing Oracle-related threats.
- Dartmouth says it applied publicly available Oracle patches and will strengthen vendor security oversight, but the total impact is still unknown.
Why should I read this?
Heads up — if your organisation runs Oracle EBS (or any Oracle estate), this isn’t just another breach story. Clop is weaponising zero-days at scale and grabbing data to extort victims. We’ve skimmed the technical noise so you can see the cold facts: who was hit, what was taken, and the immediate fixes offered. If you’re responsible for patching, vendor oversight or incident response, read the details and check your systems now.
Author note
This is a high-impact campaign that keeps growing; the finer points matter for remediation and risk assessment.
Source
Source: https://go.theregister.com/feed/www.theregister.com/2025/11/25/clop_dartmouth_college/
