Harvard University is investigating a potential data breach after the Clop ransomware gang listed the institution on its data leak site, claiming to have accessed university data through a newly discovered zero-day vulnerability in Oracle’s E-Business Suite.
According to a statement shared with BleepingComputer, a Harvard University Information Technology (HUIT) spokesperson said the university is aware of reports indicating that data linked to Harvard may have been obtained due to the Oracle vulnerability.
“This issue has impacted many Oracle E-Business Suite customers and is not specific to Harvard,” the spokesperson said. “While the investigation is ongoing, we believe that this incident impacts a limited number of parties associated with a small administrative unit.”
Harvard stated that it applied a security patch from Oracle to fix the flaw and continues to monitor its systems closely. The university added that there is currently no evidence of compromise in other parts of its network.
The statement follows Clop’s decision to add Harvard to its data leak extortion site, where the group claimed it would soon release the university’s stolen data.
Earlier this month, cybersecurity researchers from Mandiant and Google began tracking a new extortion campaign in which multiple organizations received emails from Clop, warning that their sensitive data had been stolen from Oracle E-Business Suite systems.
Clop confirmed to BleepingComputer that it was behind the campaign and had exploited a new Oracle vulnerability, later identified as CVE-2025-61882. The group stated that it planned to release stolen data if ransom demands were not met.
Oracle has since acknowledged the issue and released an emergency security update to fix the vulnerability.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Harvard is the first major organization publicly linked to this particular Oracle zero-day attack, though cybersecurity experts expect more victims to surface in the coming days.
