Cambridge: Harvard University is scrambling to contain a data security breach after a notorious Russian-speaking cybercrime group, Clop, threatened to release information allegedly stolen from the school. The attack exploits a vulnerability in a widely used financial software system, raising concerns not just for the Ivy League institution, but for hundreds of other companies worldwide.
The Extortion Claim and Target
Harvard University has launched an investigation into a security incident after the Russian-speaking extortion group Clop publicly claimed it had stolen data from the school. Clop, which operates like a digital organized crime ring, posted a threat on its website, saying it was preparing to release the confidential information it acquired. The hackers did not breach the university’s main network directly, but instead exploited a known security flaw in the Oracle E-Business system, a software suite used by the university for various administrative functions. Clop’s standard operating procedure involves demanding a large ransom payment from its victims, threatening to publish their sensitive data if they refuse to pay.
Harvard’s Limited Scope and Quick Response
In response to the public threat, a spokesperson for Harvard University Information Technology (HUIT) confirmed that the school was “aware” of the reported breach. Crucially, HUIT’s initial findings suggest the damage was highly contained. The investigation determined the breach was limited in scope, affecting only a “limited number of parties associated with a small administrative unit.” While the specific nature of the stolen data was not disclosed, the school quickly applied a security patch—a fix for the vulnerability—to the Oracle system. HUIT emphasized that there is currently “no evidence of compromise to other University systems,” suggesting that the bulk of Harvard’s network and data remains secure.
Part of a Wider Global Attack
The breach at Harvard is not an isolated event but is connected to a larger, global campaign carried out by Clop against the Oracle E-Business system. Security experts believe the group began exploiting this flaw as far back as July, with over 100 companies worldwide potentially targeted in the broad offensive. Oracle, the software developer, first addressed vulnerabilities in its system in an early October statement. However, the company later admitted to identifying additional security flaws and issued a second, urgent patch days later.
Clop’s History of Major Ransoms
Clop is one of the most successful and feared cybercrime groups operating today, known for its ability to target widely used software and maximize its profits. The group achieved global notoriety in 2023 with a massive attack that targeted the MoveIt file transfer software. That single campaign compromised more than 2,773 organizations and is estimated to have earned the criminal group more than ₹665 crores ($75 million) in ransom payments. Earlier, in 2019, Clop was responsible for locking faculty and students out of their online systems at Maastricht University in the Netherlands, forcing the university to pay a ransom of ₹2 crores (€200,000) to regain access.