Tulane University has confirmed a significant data breach involving its HR systems after attackers exploited a zero-day vulnerability in Oracle's E-Business Suite on August 10, 2025. The New Orleans-based private university did not disclose the incident publicly until March 12, 2026, seven months after the initial compromise. National class action firm Edelson Lechtzin LLP is now investigating potential legal claims on behalf of affected individuals.

The breach occurred when unauthorized actors gained access to system files through a previously unknown security flaw in Oracle's E-Business Suite platform, which Tulane uses to store human resources data. Upon discovering the incident, the university launched an internal investigation, engaged law enforcement, and applied security patches provided by Oracle. The investigation confirmed that attackers successfully accessed sensitive employee and personnel records during the August 2025 intrusion.

Compromised data includes highly sensitive personal information such as full names, Social Security numbers, direct deposit details, and banking information. This combination of data elements creates substantial risk for identity theft, financial fraud, and account takeover attacks. The scope of affected individuals has not been publicly quantified, though the breach appears to impact current and possibly former employees, faculty, and staff who had information stored in the university's HR systems.

The seven-month gap between the initial breach and public disclosure raises questions about notification timelines and regulatory compliance. Individuals whose data was compromised face elevated risk of tax fraud, fraudulent account openings, and unauthorized financial transactions. The exposure of banking and direct deposit information is particularly concerning, as it provides attackers with direct pathways to financial accounts.

Affected individuals should immediately review bank statements and credit reports for unauthorized activity. Security experts recommend placing fraud alerts with credit bureaus, enrolling in credit monitoring services, and preserving all breach notification letters or emails received from Tulane. Those impacted should also consider filing reports with the Federal Trade Commission and monitoring tax filings for signs of identity theft. Edelson Lechtzin LLP is offering free case evaluations for potential class action participation.

Source: https://www.prnewswire.com/news-releases/tulane-university-data-breach-edelson-lechtzin-llp-launches-investigation-into-exposure-of-personal-information-302774337.html