Dartmouth College 2025 Data Breach

Dartmouth College Ivy League University Breach (2025): 163K Records Including SSN Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Cl0p / TA505 (Oracle EBS zero-day campaign; CVE-2025-61882)EducationEmail AddressFull NamePhone NumberPostal CodeSocial Security Number
High SeverityWebsite / service breach

Dartmouth College Ivy League University Breach (2025): 163K Records Including SSN Exposed

Private Ivy League research university.

Verified by ObscureIQ Intelligence
87/100Breach Risk Index
25Data Value
60Market Recency
130dSince Breach

Breach Intelligence Summary

Entity: Dartmouth College · Actor: Cl0p / TA505 (Oracle EBS zero-day campaign; CVE-2025-61882) · Sources: 2 references
Attack: Unknown
Profile: University · Higher education and research · Academic institution · USA
Timeline: Breach (2025-11-13) · Indexed (Dec 18, 2025) · Year (2025)
Exposure: 163K records · 5 fields: Email Address, Full Name, Phone Number, Postal Code, Social Security Number
Status: Reported

Executive Summary

Dartmouth College, a private Ivy League research university, suffered a data breach during a three-day window from August 9 to August 12, 2025 when the Cl0p ransomware gang (also known as TA505) exploited a zero-day vulnerability in Oracle's E-Business Suite software (CVE-2025-61882) to access Dartmouth's enterprise resource planning system and exfiltrate files containing personal information. Oracle disclosed the underlying vulnerability and released security patches in early October 2025. Dartmouth subsequently launched an internal investigation, identified the impacted data on October 30, 2025, and began notifying affected individuals through letters mailed in late November 2025 with state attorney general filings on November 24, 2025. Cl0p formally claimed responsibility for the Dartmouth breach on its dark-web data leak site on November 11, 2025, with the attackers leaking approximately 226 gigabytes of stolen Dartmouth data after Dartmouth declined to pay ransom. The breach affected approximately 35,000 to 40,000 individuals based on combined state attorney general filings (with DataBreach.com reporting approximately 163,306 rows of data, reflecting the underlying file content rather than the count of affected individuals). Compromised fields included full names, Social Security numbers, financial account information including bank account details, email addresses, phone numbers, and ZIP codes. The affected population included current and former Dartmouth students (including student-employees), faculty, staff, and other individuals whose information was processed through Dartmouth's Oracle E-Business Suite platform. The exposure of SSN combined with bank account information represents an exceptionally high-risk data combination because it directly enables both identity theft and ACH-fraud (unauthorized direct withdrawal from compromised bank accounts). For affected individuals, the practical risk profile is exceptionally severe due to the combination of SSN exposure with bank account data. Affected individuals should enroll in the complimentary Experian credit monitoring and identity theft protection services offered by Dartmouth before the February 28, 2026 enrollment deadline. Affected individuals should also consider placing a credit freeze with all three credit bureaus (Equifax, Experian, and TransUnion), which is more protective than credit monitoring alone because it prevents new accounts from being opened in the affected individual's name. The SSN exposure at a university is distinctively concerning because students often do not actively monitor their credit during their studies (because they have no mortgage, car loan, or other large account that would trigger credit-bureau alerts), making student-victim populations especially vulnerable to silent identity-fraud accumulation that may not be apparent until after graduation. Affected individuals should monitor their bank accounts daily for unauthorized ACH withdrawals, request replacement bank account numbers from their financial institution if any unusual activity is detected, and remain alert to phishing or impersonation attempts referencing real Dartmouth-association details. Class-action litigation is available for affected individuals seeking compensation. Affected individuals may also file complaints with state attorneys general in New Hampshire, Vermont, Maine, Texas, or other applicable states.

ObscureIQ assessment: High risk of phishing, identity theft, payroll or tuition fraud, and targeting of research or donor relationships. University data also often includes young adults and long-lived alumni identities.

Breach Impact

The institutional impact on Dartmouth has been significant given the SSN-and-financial-data exposure of approximately 35,000 to 40,000 individuals. Dartmouth incurred costs associated with forensic investigation by an outside firm, multi-state attorney general filings, individualized victim notification across multiple states, and the provision of one year of complimentary Experian credit monitoring and identity theft protection services. Class-action litigation has been initiated by plaintiffs' law firms following the disclosure, with attorneys publicly soliciting affected individuals to participate in potential class-action claims for compensation including loss of privacy, time spent dealing with the breach, and out-of-pocket costs. The reputational impact has concentrated within higher education and among Dartmouth alumni and donors, although Dartmouth's framing of the breach as a third-party software vulnerability (rather than an institutional security failure) has limited some of the reputational consequences. The case has been broadly cited in cybersecurity coverage as illustrating the cumulative impact of the Cl0p Oracle E-Business Suite zero-day campaign on the higher education sector.

About Dartmouth College

Dartmouth College is a private Ivy League research university located in Hanover, New Hampshire and founded in 1769, making it one of the oldest institutions of higher education in the United States. Dartmouth enrolls approximately 6,700 students across its undergraduate liberal arts program, the Geisel School of Medicine, the Thayer School of Engineering, the Tuck School of Business, and various graduate programs. The institution employs approximately 4,000 faculty and staff and maintains substantial alumni records dating back centuries. As a research university with extensive administrative, academic, financial, and alumni operations, Dartmouth maintains identity, contact, financial, academic, employment, and donor records across multiple integrated enterprise systems including the Oracle E-Business Suite platform that handles financial management, human resources, and administrative workflows for the institution.

Why They Hold Your Data

Universities collect student, staff, faculty, alumni, applicant, donor, and research-linked identity, contact, financial, academic, and employment records across education and administration systems.

Recent Developments

Dartmouth disclosed the breach to affected individuals through letters mailed in late November 2025 and through state attorney general filings in New Hampshire (31,742 residents), Vermont (more than 12,700 residents), Maine (at least 1,494 residents), and Texas. Interim Chief Information Officer Tom DeChiaro circulated a campus-wide email on December 16, 2025 acknowledging the incident and encouraging affected individuals to enroll in the complimentary Experian credit monitoring and identity theft protection services offered by the institution (with an enrollment deadline of February 28, 2026). Dartmouth has emphasized that the breach was the result of a zero-day vulnerability in Oracle's E-Business Suite software (CVE-2025-61882) rather than a phishing attack or other action by Dartmouth personnel, and that Dartmouth has implemented all available Oracle security patches and established a hotline for affected individuals. The case is part of the broader Cl0p ransomware gang campaign that has compromised more than 100 organizations globally including Harvard University, the University of Pennsylvania, and Cox Enterprises.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Postal Code
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Geographic narrowing
  • Full identity theft & synthetic identity fraud

Threat Actor: Cl0p / TA505 (Oracle EBS zero-day campaign; CVE-2025-61882)

Cl0p / TA505 (Oracle EBS zero-day campaign; CVE-2025-61882)
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Dartmouth College breach?

Dartmouth College, a private Ivy League research university, suffered a data breach during a three-day window from August 9 to August 12, 2025 when the Cl0p ransomware gang (also known as TA505) exploited a zero-day vulnerability in Oracle's E-Business Suite software (CVE-2025-61882) to access…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Postal Code, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation