Mallory

University of Pennsylvania Data Breach via Clop Exploitation of Oracle E-Business Suite

E-Business Suite, enterprise software, data theft, exploit, Oracle, zero-day, ransomware, unpatched, vulnerability, breach, Clop, patching, personal information, disclosure, attack vector
Updated December 4, 2025 at 02:07 AM | 6 sources

The University of Pennsylvania suffered a data breach after attackers exploited a zero-day vulnerability in Oracle's E-Business Suite (EBS), resulting in the theft of personal information from its systems. The Clop ransomware group is believed to be behind this attack, which targeted numerous Oracle EBS customers worldwide, including other Ivy League institutions such as Dartmouth College and Harvard University. The breach notification filed with Maine's Attorney General confirmed that at least 1,488 individuals were affected, though the total number of victims is likely higher. The university responded by patching its systems after Oracle released fixes and notified federal law enforcement.

The attack was part of a broader campaign in which Clop exploited multiple vulnerabilities in Oracle EBS to steal large amounts of data from various organizations. The University of Pennsylvania only became aware of the breach after Oracle acknowledged the vulnerability and Clop began sending extortion emails to victim organizations. While the university has not disclosed the specific types of data stolen, it has stated that there is no evidence the information has been publicly disclosed or misused. The incident highlights the risks associated with unpatched enterprise software and the growing trend of ransomware groups exploiting zero-day vulnerabilities for data theft and extortion.

Sources

December 3, 2025 at 12:00 AM

Related Stories

University of Phoenix Data Breach via Oracle E-Business Suite Exploit

The University of Phoenix disclosed a significant data breach after attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application. The breach, detected on November 21, 2025, resulted in unauthorized access to sensitive personal and financial information, including names, contact details, dates of birth, Social Security numbers, and bank account information of numerous current and former students, employees, faculty, and suppliers. The incident was revealed after the university was listed on the leak site of a prominent Russian extortion group, believed to be the Clop ransomware gang, which has targeted multiple U.S. educational institutions through the same Oracle EBS vulnerability. The university's parent company, Phoenix Education Partners, filed a notice with the U.S. Securities and Exchange Commission (SEC), confirming the breach and stating that cybersecurity insurance would cover the response and remediation costs. While the attackers have not publicly disseminated the stolen data, the university is continuing its investigation and will notify affected individuals and regulatory entities. The breach is part of a broader campaign that has impacted other major universities, highlighting the risks associated with unpatched enterprise software vulnerabilities.

3 months ago

University of Phoenix Data Breach Exposes 3.5 Million Records via Oracle EBS Exploit

University of Phoenix suffered a major data breach affecting approximately 3.5 million individuals, including students, staff, and suppliers, after attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application. The breach, attributed to the Clop ransomware gang, resulted in the exposure of sensitive personal and financial information such as names, contact details, dates of birth, Social Security numbers, and bank account information. The incident was discovered on November 21, 2025, several months after the initial compromise in August, highlighting significant gaps in the university’s security monitoring and detection capabilities. Following regulatory requirements, especially in Maine where over 9,000 residents were affected, the University of Phoenix issued formal notifications and offered complimentary identity theft protection services, including credit monitoring and fraud reimbursement. The breach has raised concerns about the adequacy of cybersecurity defenses in higher education and prompted the university to engage legal counsel and external experts to manage the response and notification process. The Clop ransomware group’s involvement and the exploitation of a critical Oracle EBS vulnerability underscore the evolving threat landscape facing educational institutions.

2 months ago

Oracle E-Business Suite Zero-Day Exploited by Clop Ransomware Group

Clop ransomware group exploited a zero-day vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61882, to compromise major organizations including Schneider Electric, Emerson, Harvard University, and others. The vulnerability allowed unauthenticated remote access to Oracle Concurrent Processing, enabling attackers to exfiltrate large volumes of sensitive data such as ERP records, financial documents, procurement workflows, and engineering files. Clop reportedly maintained access for months, exfiltrating 2.7 terabytes from Emerson and 116 gigabytes from Schneider Electric, with the breach going undetected by traditional monitoring tools. Security experts warn that the impact extends beyond data theft, as attackers may leverage stolen information for extortion, supply chain exploitation, and credential harvesting. Oracle has released patches for CVE-2025-61882 and strongly urges all EBS customers to apply updates immediately. The campaign highlights the risks posed by trusted vendor dependencies and the potential for widespread disruption across critical infrastructure and operational technology supply chains. Attribution remains under investigation, with both Clop and the financially motivated FIN11 group suspected of involvement.

4 months ago
