Exclusive: DataBreach.com Analysis Reveals True Scale of Dartmouth College Hack

Beyond the Public Filings
While initial regulatory filings estimated the Dartmouth College breach affected roughly 40,000 individuals, new independent analysis by the DataBreach.com research team indicates the scope of exposure is significantly wider.
Following the mid-2025 attack by the Cl0p ransomware gang, our team parsed the leaked datasets and uncovered a massive trove of personal information that extends far beyond the initially reported impact.
DataBreach.com Findings: By The Numbers
Our internal analysis of the compromised data reveals that over half a million individuals have had some form of PII exposed. The breakdown of the parsed data includes:
- 522,000 Unique Full Names
- 162,800 Unique Email Addresses
- 36,900 Unique Phone Numbers
- 19,400 Unique Social Security Numbers (SSNs)
Analyst Note: The discrepancy between the confirmed victim count cited in public filings and the 522,000 names found in our analysis suggests that while the "high-risk" group (those with exposed SSNs) is smaller, a vast number of students, alumni, and affiliates may have still had their contact details and identities compromised, leaving them vulnerable to targeted phishing.
The Vulnerability: Oracle EBS Exploited
This data exfiltration was made possible by a critical Zero-Day vulnerability in Oracle E-Business Suite (EBS), which Dartmouth uses for its core business and financial operations.
Cl0p utilized a critical flaw tracked as CVE-2025-61882, which allows unauthenticated remote code execution. This enabled the gang to bypass login screens entirely and siphon data directly from internal servers. Attackers reportedly had access to the system for several days in early August, months before victims were effectively notified.
A Pattern of "Supply Chain" Extortion
The Dartmouth incident is a textbook example of Cl0p’s strategy: target a single software vendor to compromise hundreds of downstream organizations. This campaign has also ensnared high-profile entities like Harvard University, The Washington Post, and Envoy Air, creating a global web of victims linked by a single software flaw.
What This Means for Victims
With 19.4k SSNs confirmed in the dataset, the risk of identity theft is critical for a specific subset of victims. However, the 162k exposed emails present a broader threat. Criminals can now map names to emails and phone numbers, crafting "spear-phishing" attacks that look like official university correspondence.
What's Next: The Legal Fallout
While immediate vigilance against phishing is critical, the long-term resolution of this incident will almost certainly play out in the courts. Given the systemic nature of the CVE-2025-61882 vulnerability and the staggering number of high-profile organizations affected - from Dartmouth and Harvard to The Washington Post - legal experts anticipate these cases will be consolidated into a massive class action lawsuit against Oracle. Rather than relying on disparate settlements from individual universities or companies, the primary avenue for victim compensation is expected to be a centralized legal battle holding the software giant accountable for the critical security lapses that allowed Cl0p to exploit the E-Business Suite on a global scale.















