The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousand individuals that their personal data was siphoned from its systems.

In a data breach notification letter filed with Maine's attorney general , Penn says attackers exploited a zero-day in Oracle's EBS – the same flaw Clop boasted about abusing to raid hundreds of organizations worldwide – and made off with data stored inside the university's instance of the platform, which it uses to process "supplier payments, reimbursements, general ledger entries, and to conduct other University business."

Penn launched an investigation, patched its systems after Oracle issued fixes, and alerted federal

See Full Page