The University of Pennsylvania has become the latest victim of Clop’s data breach spree against Oracle’s E-Business Suite (EBS) customers. The Ivy League school reported that over 1,400 individuals, mostly Maine residents, had their personal data stolen from its systems due to an exploited zero-day vulnerability in Oracle’s EBS.
The university launched an investigation, patched its systems after receiving fixes from Oracle, and alerted federal law enforcement. Penn is offering two years of Experian credit monitoring services to those affected and is working with cybersecurity experts to reinforce its systems and mitigate future unauthorized access.
This incident marks the latest in a series of high-profile data breaches targeting EBS customers worldwide. The breach follows a pattern seen in other academic disclosures, where the attackers claim to have exploited a zero-day vulnerability before Oracle released patches for the issue.
The University of Pennsylvania’s disclosure comes as another Ivy League school, Dartmouth College, recently confirmed it too fell victim to the same Oracle EBS zero-day. Both institutions are now cooperating with federal investigations into the breach and offering affected individuals credit monitoring services.
Source: https://www.theregister.com/2025/12/02/clop_university_of_pennsylvania