Dartmouth College disclosed a cyberattack tied to vulnerabilities in Oracle E-Business Suite that exposed personal and financial data for more than 35,000 people across multiple states. The intrusion, discovered in late October and reported this week, included Social Security numbers and prompted the college to notify impacted state regulators and offer one year of identity-protection services. Dartmouth said it applied all publicly available Oracle patches and is auditing vendor security practices. The incident is the latest in a string of high-profile higher-ed breaches and underscores the sector’s reliance on common enterprise software stacks. Risk managers and CIOs at peer institutions will likely reassess third-party patch timelines, incident-response playbooks, and the scope of cyber insurance and student-data protections.