Data breach hits University of Phoenix via Oracle vulnerability
NEWYou can now listen to Fox News articles!
The University of Phoenix has confirmed a massive data breach affecting approximately 3.5 million people. The incident dates back to August, when attackers accessed the university’s network and quietly stole sensitive information.
The school detected the trespass on Nov. 21. This discovery came after attackers listed the university on a public leak site. The university disclosed the incident in early December and its parent company filed an 8-K with regulators.
The scope is wide. Notification letters submitted to the Maine Attorney General’s Office show 3,489,274 people were affected. Those affected include current and former students, faculty, staff and vendors.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM bulletin.
DATA BREACH EXPOSES INFORMATION OF 400,000 BANK CUSTOMERS
The data breach at the University of Phoenix exposed sensitive personal and financial information of approximately 3.5 million people. (Kurt “CyberGuy” Knutsson)
What happened and how did the attackers get in?
According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application manages financial transactions and contains highly sensitive data.
Based on the technical details shared so far, security researchers believe the attack is consistent with tactics used by the Clop ransomware gang. Clop has a long history of stealing data through zero-day flaws rather than encrypting systems.
The vulnerability associated with this campaign is tracked as CVE-2025-61882. Investigators say it has been abused since early August.
What data was revealed
The university says the attackers gained access to highly sensitive personal and financial information. This includes:
- full names
- Contact information
- birth dates
- social security numbers
- Bank account numbers
- Routing numbers
Such data poses a serious risk. Can fuel identity theft, financial fraud and targeted attacks Phishing scams.
700KREDİ DATA BREACH EXPOSES SSNS OF 5.8 MILLION CONSUMERS
Stolen University of Phoenix records can be used by criminals to launch spearphishing and identity theft attacks. (Kurt “CyberGuy” Knutsson)
Approximately 3.5 million people affected
In letters sent to affected individuals, the university confirmed that the breach affected 3,489,274 people. If you are a current or former student or employee, monitor your mail closely.
These notifications usually arrive via postal mail, not email. The letter explains what data was exposed and includes instructions for protective services.
We reached out to the University of Phoenix for comment, and a representative provided the following statement to CyberGuy:
“We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detection of the incident on November 21, 2025, we immediately took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the affected data and will provide appropriate notifications to affected individuals and regulatory agencies.”
Free identity protection now available
The University of Phoenix is offering free identity protection services to affected individuals. These include:
- 12 months credit monitoring
- Identity theft recovery assistance
- dark web monitoring
- $1 million fraud compensation policy
To register you must use the redemption code specified in the notification letter. Without this code you cannot activate the service.
This attack fits into a larger Clop campaign
The breach at the University of Phoenix is not an isolated incident. Clop has used similar tactics in past campaigns, including GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo and Gladinet CentreStack.
Other universities have also reported incidents related to Oracle EBS. These include Harvard University and the University of Pennsylvania.
The US government is taking this into consideration. The U.S. State Department is offering a reward of up to $10 million for information linking Clop’s attacks to a foreign government.
Why are universities primary targets?
Universities store large amounts of personal data. Student records, financial aid files, payroll systems, and donor databases are all brought together under one roof.
Like healthcare organizations, colleges present a high-value target. A single breach could expose years of data connected to millions of people.
MAKE 2026 YOUR MOST SPECIAL YEAR EVER BY REMOVING BROKER DATA
Affected University of Phoenix students and staff should act quickly to monitor accounts and protect their identities. (Kurt “CyberGuy” Knutsson)
Steps to stay safe right now
If you think you may be affected, act quickly. These steps can reduce your risk.
1) Pay attention to your violation notification letter
Read carefully. It explains what data is disclosed and how to sign up for protection services.
2) Sign up for free identity protection
First use the payment code provided. Credit monitoring and recovery services are important because Social Security and banking data are involved. Even if you’re not eligible for the free service, identity theft protection is still a smart move.
Additionally, these services actively track sensitive details like your Social Security number, phone number, and email address. If your information appears on the dark web or someone tries to open a new account, you’ll immediately receive an alert. As a result, many services also help you quickly freeze your bank and credit card accounts to limit further fraud.
See my tips and top picks on how to protect yourself from identity theft at: cyberguy.com
3) Use a data removal service
Because this breach exposes names, contact information, and other identifying information, it is important to reduce what is publicly available about you. A data removal service can help remove your personal information from data broker sites; this reduces the risk of spear phishing or fraud related to stolen University of Phoenix records.
While no service can guarantee complete removal of your data from the internet, a data removal service is truly a smart choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to delete your personal data from the internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data obtained from breaches with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and run a free scan to see if your personal information is already on the internet by visiting: cyberguy.com
Get a free scan to find out if your personal information is already on the internet: Cyberguy.com
4) Monitor financial accounts daily
Check bank statements and credit card activity for unknown charges. Report anything suspicious immediately.
5) Consider freezing your credit
A credit freeze can prevent criminals from opening new accounts in your name. It is free and reversible. To learn more about how to do this, go to: cyberguy.com and “How do you freeze your credit?” Search for .
6) Be wary of phishing attempts and use strong antivirus software
Expect more scam emails and phone calls. Criminals may claim that the violation was legitimate.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection also keeps your personal information and digital assets safe by alerting you to phishing emails and ransomware scams.
Get my picks for the 2025 best antivirus protection winners for your Windows, Mac, Android, and iOS devices at: cyberguy.com
7) Secure your devices
Keep your operating systems and applications up to date, as attackers often use outdated software to gain access. Additionally, enable automatic updates and review app permissions to prevent stolen personal data from being combined with device-level access to cause further harm.
Kurt’s important takeaways
The University of Phoenix data breach highlights a growing problem in higher education. When attackers leverage trusted enterprise software, their impact spreads quickly and widely. While free identity protection helps, the most important thing is long-term caution. Staying vigilant can limit damage long after the cuffs disappear.
If universities cannot protect this level of sensitive data, should students demand stronger cybersecurity standards before enrolling? Let us know by writing to us. cyberguy.com
CLICK TO DOWNLOAD FOX NEWS APPLICATION
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent safety alerts and special deals straight to your inbox. You’ll also get instant access to my Ultimate Scam Survival Guide — free when you join me CYBERGUY.COM bulletin.
Copyright 2025 CyberGuy.com. All rights reserved.
