The University of Pennsylvania has recently confirmed that it was targeted in a major cyberattack attributed to the Clop ransomware group, which exploits vulnerabilities in Oracle’s E-Business Suite (EBS). The university has alerted more than 1,400 individuals that their personal data may have been compromised during the breach.
In a data breach notification filed with the attorney general of Maine, Penn revealed that attackers took advantage of a zero-day vulnerability in Oracle’s EBS platform, a flaw that Clop publicly claimed responsibility for exploiting in attacks against numerous organizations worldwide. The breached data is associated with various administrative functions at the university, including supplier payments and reimbursements.
The security breach was initially discovered on November 11, prompting the institution to launch an investigation, patch their systems following Oracle’s release of fixes, and notify federal law enforcement. Penn disclosed the incident in a notification dated December 1, which identified 1,488 affected residents in Maine. However, the specific types of compromised data were largely redacted in the communication to regulators, leaving uncertainty regarding the nature of the information extracted.
This incident at Penn comes shortly after Dartmouth College reported a similar breach involving the Oracle EBS vulnerability. It highlights an ongoing trend of higher education institutions facing significant cybersecurity threats from the Clop group, which has been exploiting unpatched Oracle installations since early August, prior to the release of a fix for the vulnerability, designated CVE-2025-61882, on October 4.
In a standard response to such breaches, Penn has stated that there is “no evidence” of the compromised data being misused and has offered impacted individuals two years of credit monitoring services through Experian. While the university reassures the community that measures have been implemented to bolster system security, it also urges recipients of the notification to be vigilant regarding their financial accounts and correspondence.
As the investigation into the breach continues, the University of Pennsylvania now finds itself among a growing cohort of victims impacted by the far-reaching consequences of Clop’s cyberattacks, underscoring the necessity for robust cybersecurity measures in the face of evolving threats.