Harvard is investigating a data breach after a Russian-speaking cybercrime organization claimed it was preparing to release information stolen through a vulnerability in a software suite used by the University.
Clop, an organization that extorts payments from companies to prevent the release of stolen data, announced the breach on its leak site Saturday. The alleged breach of Harvard’s systems is part of a larger attack exploiting a vulnerability in Oracle E-Business Suite. Clop has not yet publicized the names of other exploited companies.
Harvard University Information Technology spokesperson Tim J. Bailey wrote in a statement that the University was “aware” of the reported data breach but an initial investigation found it affected only “a limited number of parties associated with a small administrative unit.”
HUIT has applied a patch to address the vulnerability and reported “no evidence of compromise to other University systems,” according to Bailey.
The attack on Oracle likely began as far back as July, according to an investigation by Google Threat Intelligence Group and Mandiant. The investigation found that more than 100 companies were targeted in Clop’s most recent attack before Oracle intervened and concluded that Clop “successfully exfiltrated a significant amount of data” from at least some of the targeted organizations.
Clop made the attack public in late September, contacting hundreds of company executives and extorting them for payment by threatening to release the stolen data.
Oracle first identified the vulnerability in an Oct. 2 statement, which acknowledged the extortion emails but said the flaws in the system were addressed in a July update. Two days later, Oracle backtracked and issued a second statement identifying additional vulnerabilities, along with a patch. The company advised all users of Oracle E-Business Suite versions 12.2.3 to 12.2.14 to apply the fix.
Oracle declined to comment on the data breach Monday afternoon, referring to the company’s latest security alert advisory.
Clop rose to prominence in 2019 after an attack on Windows programs used by Maastricht University in the Netherlands, locking students and faculty out of the university’s online systems until it paid a €200,000 ransom.
The group was behind a major 2023 cyberattack when it infiltrated MoveIt software — used for transferring files securely — and compromised more than 2,773 organizations. Clop earned more than $75 million from the attacks, according to estimates by the ransomware response firm Coveware. And last year, Clop attacked the Cleo file transfer software, apparently targeting companies that produce consumer products.
—Staff writer Elise A. Spenner can be reached at elise.spenner@thecrimson.com. Follow her on X at @EliseSpenner.
–Staff writer Abigail S. Gerstein can be reached at abigail.gerstein@thecrimson.com. Follow her on X at @abbysgerstein.