
Harvard University has confirmed its systems were affected by a widespread cybersecurity incident involving a zero-day vulnerability in Oracle's E-Business Suite (EBS). The university acknowledged that it is investigating claims made by hackers that data was exfiltrated from its systems.
In a statement to Recorded Future News, the university said the incident affects "a limited number of parties associated with a small administrative unit" and that there is no evidence of compromise to other systems.
Officials have emphasized that the breach is not specific to Harvard and has impacted many Oracle customers globally. The university has since applied a patch provided by Oracle to remediate the zero-day vulnerability and is continuing to monitor its systems for further threats.
Harvard has characterized its exposure as limited. The university specified that the breach impacted a "small administrative unit" and a "limited number of parties."
This incident is part of a larger campaign orchestrated by the Russian ransomware gang known as Cl0p. The group added Harvard to its data leak site after claiming to have stolen significant amounts of data by exploiting a remote code execution (RCE) vulnerability in Oracle EBS, tracked as CVE-2025-61882.
The FBI and other cybersecurity officials have confirmed the campaign's link to this critical flaw, which allows RCE without authentication.
The Cl0p ransomware group's typical modus operandi involves extorting corporate executives by threatening to leak sensitive information stolen through these breaches, with ransom demands reportedly reaching into the seven- and eight-figure range.
Initially, Oracle acknowledged that some extortion emails were linked to previously identified vulnerabilities patched in July.
The FBI has described the exploited Oracle flaw as a "'stop-what-you're-doing and patch immediately' vulnerability," urging all EBS customers to isolate affected servers and monitor for suspicious activity.
The incident highlights the significant risks posed by zero-day vulnerabilities in widely used enterprise software platforms.
The full extent of the impact on all affected organizations is still being determined, with reports indicating that the campaign may have affected up to one hundred organizations.