Home / Technology / University of Phoenix Hack Exposes 3.5M Data Records
University of Phoenix Hack Exposes 3.5M Data Records
4 Jan
Summary
- Nearly 3.5 million individuals impacted by the University of Phoenix data breach.
- Attackers exploited an Oracle E-Business Suite vulnerability, linked to the Clop gang.
- Exposed data includes names, SSNs, and bank account details, fueling identity theft risks.
The University of Phoenix confirmed a major cybersecurity incident impacting approximately 3.5 million individuals. The breach, detected on November 21, 2025, stems from an August 2025 network intrusion where attackers stole sensitive information. The university's parent company filed an 8-K with regulators detailing the event.
Investigators believe the attackers exploited a zero-day vulnerability in Oracle's E-Business Suite, a common tactic associated with the Clop ransomware gang. This specific flaw, tracked as CVE-2025-61882, had reportedly been abused since early August 2025, leading to the exposure of full names, contact details, dates of birth, Social Security numbers, and bank account information.
Impacted individuals, including current and former students, faculty, staff, and suppliers, are being notified. The University of Phoenix is offering 12 months of free identity protection services. The U.S. Department of State has offered a reward for information linking Clop's activities to foreign governments, highlighting the widespread concern over such attacks.
