A person walks past a large abstract metal sculpture on a college campus, with brick buildings and a clock tower in the background on a cloudy day.
A student walks on the campus of Dartmouth College in Hanover, New Hampshire, on March 5, 2024. Photo by Robert F. Bukaty/AP

This story by Clare Shanahan was first published in the Valley News on Dec. 1, 2025.

HANOVER โ€”ย More than 40,000 people in Vermont and New Hampshire may have been impacted by a data breach in a system used by Dartmouth College. Last week, Dartmouth started mailing letters to the people whose personal information was included in data stolen over three days in early August.

During that time, an โ€œunauthorized actorโ€ was able to access Dartmouth College files and take data, including โ€œone or moreโ€ files that had personal information such as names, Social Security numbers and financial account information, according to reports Dartmouth filed with the offices of the attorneys general of New Hampshire and Vermont last week.

The breach was part of a widespread attack on the Oracle eBusiness Suite, a platform Dartmouth and many other companies use to manage operations. A ransomware group has been taking credit for the attack and it has identified more than 100 companies impacted by the breach, according to reporting from SecurityWeek.

โ€œThis incident was not the result of any โ€˜phishingโ€™ attack on a member of the Dartmouth community or any other action or inaction on Dartmouthโ€™s part,โ€ college spokesperson Jana Barnello said.

After Oracle reported the security breach in early October, Dartmouth launched an investigation โ€œas quickly as possibleโ€ to identify the impacted data and respond, Barnello said Monday. It โ€œtook timeโ€ to review all of the files and identify the people whose information was exposed, Barnello said of the gap between when the Oracle breach was announced and when Dartmouth reported it.

The college reviewed the leaked files and identified that โ€œone or moreโ€ contained personal information such as Social Security numbers on Oct. 30, according to the filings.

In response to the breach, Dartmouth implemented โ€œall publicly available patchesโ€ for the program to shore up any issues, per Oracleโ€™s recommendations, and set up a phone line for impacted people.

The letters sent to victims describe the incident and Dartmouthโ€™s response and include access to a one-year subscription to Experian IdentityWorks, a personal security program that helps to prevent identify theft.

Dartmouth reported the data breach last week to the attorney generalโ€™s offices of New Hampshire and Vermont. The incident โ€œinvolvesโ€ 31,742 New Hampshire residents, an attorney for the college reported in the filings for New Hampshire.

The breach impacted 12,701 Vermonters, Amelia Vath, senior advisor to the Vermont Attorney General, said Monday.

Dartmouth College filed similar reports in other states including Maine, California and Texas.

The only other data breach Dartmouth College has reported to the New Hampshire attorney general since 2006 was in 2012 when a laptop including personal information for four people was stolen, according to an online database.

Vermont's newsletter

Request a correction

Submit a tip

The Valley News is the daily newspaper and website of the Upper Valley, online at www.vnews.com.