Nearly 3.5 million individuals associated with the University of Phoenix were impacted by a significant data breach that exposed sensitive personal and financial information.
The University of Phoenix has confirmed a substantial data breach affecting approximately 3.5 million students and staff. The incident originated in August when cyber attackers infiltrated the university’s network and accessed sensitive information without detection.
The breach was discovered on November 21, after the attackers listed the university on a public leak site. In early December, the university publicly disclosed the incident, and its parent company filed an 8-K form with regulators to report the breach.
According to notification letters submitted to Maine’s Attorney General, a total of 3,489,274 individuals were affected by the breach. This group includes current and former students, faculty, staff, and suppliers.
The university reported that hackers exploited a zero-day vulnerability in the Oracle E-Business Suite, an application that manages financial operations and contains highly sensitive data. Security researchers have indicated that the attack bears similarities to tactics employed by the Clop ransomware gang, which has a history of stealing data through zero-day vulnerabilities rather than encrypting systems.
The specific vulnerability associated with this breach is identified as CVE-2025-61882 and has reportedly been exploited since early August. The attackers accessed a range of sensitive personal and financial information, raising significant concerns about identity theft, financial fraud, and targeted phishing scams.
In letters sent to those affected, the university confirmed the breach’s impact on 3,489,274 individuals. Current and former students and employees are advised to monitor their mail closely, as notification letters are typically sent via postal mail rather than email. These letters detail the exposed data and provide instructions for accessing protective services.
A representative from the University of Phoenix provided a statement regarding the incident: “We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities.”
To assist those affected, the University of Phoenix is offering free identity protection services. Individuals must use the redemption code provided in their notification letter to enroll in these services. Without this code, activation is not possible.
This breach is not an isolated incident; Clop has employed similar tactics in previous attacks involving various platforms, including GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo, and Gladinet CentreStack. Other universities, such as Harvard University and the University of Pennsylvania, have also reported incidents related to Oracle EBS vulnerabilities.
The U.S. government has taken notice of the situation, with the Department of State offering a reward of up to $10 million for information linking Clop’s attacks to foreign government involvement.
Universities are known to store vast amounts of personal data, including student records, financial aid files, payroll systems, and donor databases. This makes them high-value targets for cybercriminals, as a single breach can expose years of data tied to millions of individuals.
If you believe you may be affected by this breach, it is crucial to act quickly. Carefully read the notification letter you receive, as it will explain what data was exposed and how to enroll in protective services. Using the redemption code provided is essential, especially given the involvement of Social Security and banking data.
Even if you do not qualify for the free identity protection service, investing in an identity theft protection service is a wise decision. These services actively monitor sensitive information, such as your Social Security number, phone number, and email address. If your information appears on the dark web or if someone attempts to open a new account in your name, you will receive immediate alerts.
Additionally, these services can assist you in quickly freezing bank and credit card accounts to limit further fraud. It is also advisable to check bank statements and credit card activity for any unfamiliar charges and report anything suspicious immediately.
Implementing a credit freeze can prevent criminals from opening new accounts in your name, and this process is both free and reversible. To learn more about how to freeze your credit, visit relevant resources online.
As the fallout from this breach continues, individuals should remain vigilant for increased scam emails and phone calls, as criminals may reference the breach to appear legitimate. Strong antivirus software is essential for safeguarding against malicious links that could compromise your private information.
Keeping operating systems and applications up to date is also critical, as attackers often exploit outdated software to gain access. Enabling automatic updates and reviewing app permissions can help prevent further data breaches.
The University of Phoenix data breach underscores a growing concern in higher education regarding cybersecurity. When attackers exploit trusted enterprise software, the consequences can be widespread and severe. While the university’s offer of free identity protection is a positive step, long-term vigilance is essential to mitigate risks.
As discussions about cybersecurity standards in educational institutions continue, students may want to consider demanding stronger protections before enrolling. For further information and resources, visit CyberGuy.com.