On or about October 30, 2025, Dartmouth College discovered a data security incident involving its Oracle eBusiness Suite (“EBS”) software. The investigation revealed that an unauthorized actor exploited a zero-day vulnerability in Oracle EBS, allowing data to be taken from multiple environments, including Dartmouth’s.
The unauthorized access occurred between August 9, 2025, and August 12, 2025, during which certain files were taken. Dartmouth identified these files as containing personal information such as names, Social Security numbers, and financial account details.
While there is no evidence of identity theft or fraud, Dartmouth implemented all available security patches for Oracle EBS and continues to review vendor security practices. The college also notified law enforcement and offered complimentary identity protection services to affected individuals.
Dartmouth College is a private Ivy League research university located in Hanover, New Hampshire, founded in 1769. It is known for a liberal arts focus with strong undergraduate education, small classes, and a unique quarter-based academic calendar called the D-Plan. The university includes five professional and graduate schools and has notable programs in fields such as engineering, medicine, and business.
Following the breach, Dartmouth strengthened its cybersecurity measures and continues to monitor its systems.
If you received a Data Breach notification letter from Dartmouth College, it confirms that your information was potentially impacted.
What information is involved in the Dartmouth College Data Breach?
Compromised information may include:
Name
Social Security Number
Financial Account Information
Your Personally Identifiable Information (PII) includes details that can be used to identify you. Organizations are legally obligated to safeguard this data, and failure to do so can result in statutory fines and other legal consequences. If PII is stolen, it may be exploited by criminals to commit identity fraud.
If your data has been exposed in a breach, one of the most effective steps you can take is to enroll in credit and identity monitoring services promptly.
Residents of California benefit from additional privacy protections under the California Consumer Privacy Act (CCPA), which grants enhanced rights regarding personal data.
If you received a NOTICE OF DATA BREACH letter from Dartmouth College, your personal and financial information may be at risk. This type of data can be exploited by identity thieves to commit fraud and other crimes.