"According to a breach notification filed with Maine's attorney general, the New Hampshire Ivy League university says crooks exploited a now-patched zero-day in Oracle EBS and made off with data from its environment between August 9 and August 12. Dartmouth's review found that at least 1,494 Maine residents had their names, Social Security Numbers, and, in some cases, financial account information stolen, though it hasn't said how many people were affected overall."
"Dartmouth's admission cements what has already become clear: Clop's Oracle EBS raid was a sprawling campaign with a long list of victims. Earlier this month, The Washington Post disclosed that nearly 10,000 employees and contractors were caught up in the same wave of attacks, which followed earlier confirmations from the likes of Hitachi-owned GlobalLogic and Allianz UK. Earlier this week, Cox Enterprises also came out as a victim, saying Clop had bagged the data of almost 10,000 individuals."
Dartmouth College confirmed attackers exploited a now-patched Oracle E-Business Suite zero-day between August 9 and August 12, resulting in multiple files being exfiltrated. A review identified at least 1,494 Maine residents whose names, Social Security Numbers, and in some cases financial account information were stolen. Dartmouth immediately secured systems, notified law enforcement, began sending notification letters on November 24, and is offering one year of credit monitoring to those with exposed SSNs. The incident is part of a wider Clop campaign targeting enterprise platforms via zero-days and stealing data rather than encrypting systems. A separate Oracle Identity Manager zero-day, CVE-2025-61757, was added to CISA's Known Exploited Vulnerabilities with a mandatory December 12 patch.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]