Thought Leadership
Harvard University is investigating a possible data theft incident. According to the institution, a critical vulnerability in Oracle software that affects numerous customers may have been exploited.
Harvard University has confirmed that it is reviewing reports of a security incident in which data may have been extracted through a vulnerability in Oracle’s E-Business Suite. The ransomware group Clop has listed the university on its leak site and is threatening to publish allegedly stolen information.
A spokesperson from the university’s IT department stated that they are aware of reports suggesting data related to the vulnerability may have been stolen. The issue affects many users of Oracle software and is not a Harvard-specific phenomenon.
Investigation Still Ongoing
The investigation is still in progress. Based on current knowledge, the university believes the incident was limited to a smaller administrative area. The number of potentially affected individuals is believed to be limited. Immediately after receiving the security patch from Oracle, the university applied it. Continuous monitoring of systems has shown no signs of further compromise to date.
Background of the Attack Wave
Security researchers from Mandiant and Google documented an extortion campaign earlier this month in which various organizations received emails claiming that sensitive data had been stolen from their Oracle systems. The messages demanded ransom payments, threatening to publish the information otherwise.
The attackers confirmed their involvement to specialized media outlets and suggested they had exploited a previously unknown vulnerability. Oracle responded by assigning the identifier CVE-2025-61882 and releasing an emergency patch.
