University of Phoenix Data Breach Exposes Sensitive Information of Nearly 3.5 Million
PHOENIX, Ariz. — Nearly 3.5 million current and former students, faculty, staff, and suppliers connected to the University of Phoenix have been affected by a significant data breach that compromised sensitive personal and financial information. The breach, which traces back to August 2025, involved attackers exploiting a zero-day vulnerability in the university’s Oracle E-Business Suite software, a critical platform used to manage financial operations.
University officials detected the intrusion on November 21, 2025, after the attackers publicly listed stolen data on a leak site, prompting immediate investigation and disclosure in early December. The university’s parent company subsequently filed an 8-K report with regulators, confirming the scope of the incident. Notification letters filed with the Maine Attorney General’s office indicate that 3,489,274 individuals were impacted.
The compromised data includes full names, contact information, dates of birth, Social Security numbers, bank account numbers, and routing numbers. Such information poses a substantial risk for identity theft, financial fraud, and targeted phishing attacks. Experts warn that the exposure of Social Security numbers and banking details could have long-lasting consequences for the victims.
According to cybersecurity researchers, the attack aligns with tactics employed by the Clop ransomware gang, known for leveraging zero-day vulnerabilities to steal data rather than encrypt systems. The specific vulnerability exploited, tracked as CVE-2025-61882, has been actively abused since early August 2025. The Oracle Security Alerts page provides ongoing updates about this and related vulnerabilities.
In response to the breach, the University of Phoenix has engaged leading third-party cybersecurity firms to assist with the investigation and remediation efforts. A spokesperson for the university stated, “We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities.”
The university is offering free identity protection services to those affected and has advised recipients of breach notification letters to monitor their financial accounts and credit reports closely. These letters, which are being sent primarily via postal mail, include detailed instructions on protective measures.
This incident underscores the persistent threat posed by cybercriminals exploiting software vulnerabilities in higher education institutions, which often hold vast amounts of sensitive personal data. The Cybersecurity and Infrastructure Security Agency recommends that organizations implement rigorous patch management and monitoring protocols to mitigate such risks.
Individuals concerned about potential misuse of their information can access resources from the Federal Trade Commission’s IdentityTheft.gov website, which offers guidance on steps to take following a data breach. Meanwhile, federal regulators continue to emphasize the importance of transparency and swift action in breach disclosures to protect consumer interests.
The University of Phoenix breach follows a series of high-profile cyberattacks targeting educational institutions and financial service providers, highlighting the growing need for robust cybersecurity defenses across sectors. As investigations continue, authorities urge vigilance among affected individuals and the broader community.
Leave a Reply