Multiple Tulane University employees are victims of a data breach that exposed names, social security numbers, direct deposit and banking information, according to letters sent by the university. It is unclear how many employees are affected.
Tulane has confirmed the authenticity of the letters.
Tulane notified affected employees — including student employees — on April 2 that their information, stored in Oracle E-Business Suite, had been compromised in the data breach.
Oracle EBS is a human resources platform that was used by the university until March 20, when the university transitioned to Oracle Cloud.
On March 12, Tulane determined that the files had been breached and has since launched an investigation, notified law enforcement and addressed the vulnerability with Oracle, according to the letter.
Tulane’s investigation determined that on Aug. 10, 2025, unauthorized users accessed and acquired files using a vulnerability in the Oracle EBS application.
The incident may be connected to a vulnerability in Oracle EBS first exploited on Aug. 9, 2025.
According to Google Threat Intelligence and Mandiant, a cybersecurity firm owned by the search engine giant, attackers claiming affiliation with the Cl0p extortion brand, a Russian-speaking ransomware group, used a previously unknown exploit to extract files that they then threatened to release.
On Nov. 19, 2025, Cl0p claimed responsibility for the attack and publicly threatened to release the files, according to DeXpose, a dark web monitoring website.
The EBS breach comes after a slew of past Oracle data breaches.
Oracle had a significant security breach in January 2025, in which a cyber attacker potentially stole records from over 140,000 Oracle Cloud users. Six million sensitive records were exposed in the breach.
Oracle confirmed a second security breach in April 2025 in which a hacker broke into an Oracle software system and stole client log usernames, passkeys and encrypted passwords.
“We deeply regret any inconvenience or concern this may cause you,” Tulane said in the letter, which was sent by a third-party secure processing mail center. “To help prevent something like this from happening in the future, Tulane has worked closely with Oracle and third party cyber security vendors to ensure the aforementioned vulnerability has been eliminated.”
Cc • May 7, 2026 at 5:28 pm
Is it just current or is it former employees as well?