University of Phoenix discloses data breach after Oracle hack

Recorded: Dec. 3, 2025, 4:02 p.m.

Original

News

Featured
Latest

North Korea lures engineers to rent identities in fake IT worker scheme

Fake Calendly invites spoof top brands to hijack ad manager accounts

University of Pennsylvania confirms new data breach after Oracle hack

Google fixes two Android zero days exploited in attacks, 107 flaws

Deep dive into DragonForce ransomware and its Scattered Spider connection

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

University of Phoenix discloses data breach after Oracle hack

Score 65% off a Microsoft Surface with impressive performance

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Startup Database
Uninstall Database
Glossary
Chat on Discord
Send us a Tip!
Welcome Guide

HomeNewsSecurityUniversity of Phoenix discloses data breach after Oracle hack

University of Phoenix discloses data breach after Oracle hack

By Sergiu Gatlan

December 3, 2025
08:23 AM
0

The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025.
Founded in 1976 and headquartered in Phoenix, Arizona, UoPX is a private for-profit university with nearly 3,000 academic staff and over 100,000 enrolled students.
The university disclosed the data breach on its official website on Tuesday, while its parent company, Phoenix Education Partners, filed an 8-K form with the U.S. Securities and Exchange Commission (SEC).
UoPX said it detected the incident on November 21 (after the extortion group added it to its data leak site) and noted that the attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to steal a wide range of sensitive personal and financial information belonging to students, staff, and suppliers.
"We believe that the unauthorized third-party obtained certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers with respect to numerous current and former students, employees, faculty and suppliers was accessed without authorization," the school said.
"We continue to review the impacted data and will provide the required notifications to affected individuals and regulatory entities. Affected individuals will soon receive a letter via US Mail outlining the details of the incident and next steps to take."
Andrea Smiley, Vice President for Public Relations at University of Phoenix, told BleepingComputer that UoPX is "reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities." However, Smiley didn't share any further details about the breach, including which cybercrime operation was behind the attack or the total number of individuals affected.

University of Phoenix entry on Clop's leak site (BleepingComputer)
Although UoPX has yet to attribute the incident to a specific cybercrime group, based on the details shared so far, the breach is part of a Clop ransomware gang extortion campaign in which the gang has exploited a zero-day flaw (CVE-2025-61882) to steal sensitive documents from many victims' Oracle EBS platforms since early August 2025.
As part of the same series of data theft attacks, Clop has also targeted other universities in the United States, including Harvard University and the University of Pennsylvania, which have also confirmed Oracle EBS breaches impacting their students and staff.
The extortion group also compromised the Oracle EBS instances of dozens of companies worldwide, including GlobalLogic, Logitech, The Washington Post, and the American Airlines subsidiary Envoy Air, and leaked the stolen data on its dark web site.
In the past, Clop was also behind data theft campaigns targeting GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer customers, the latter affecting more than 2,770 organizations.
Since late October, the systems of several U.S. universities have also been breached in a series of voice phishing attacks, with Harvard University, University of Pennsylvania, and Princeton University disclosing that the attackers breached systems used for development and alumni activities to steal the personal information of donors, staff, students, alumni, and faculty.
Update December 03, 10:16 EST: Added statement from University of Phoenix.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
University of Pennsylvania confirms new data breach after Oracle hackDartmouth College confirms data breach after Clop extortion attackHarvard investigating breach linked to Oracle zero-day exploitLogitech confirms data breach after Clop extortion attackWashington Post data breach impacts nearly 10K employees, contractors

Arizona
Clop
Data Breach
Data Theft
Extortion
Hack
Oracle
Oracle E-Business Suite
Phoenix
University
University of Phoenix
USA

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Glassworm malware returns in third wave of malicious VS Code packages

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic

Sponsor Posts

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

Empowering IT teams with intelligence driven cyber threat research.

AI is a data-breach time bomb: Read the new report

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

University of Phoenix has become the latest U.S. institution to experience a significant data breach, directly linked to the Clop ransomware operation. The breach, confirmed in December 2025, occurred through the exploitation of a zero-day vulnerability within Oracle E-Business Suite (EBS) financial applications. Initial detection took place on November 21st, after Clop had already begun disseminating the stolen data on its dark web site.

The attack targeted the university’s systems, compromising sensitive information belonging to students, staff, and suppliers. This data included details such as names, contact information, dates of birth, social security numbers, and crucially, bank account and routing numbers. The extent of the compromise remains under investigation, though University of Phoenix is actively reviewing the impacted data and preparing notifications for affected individuals and regulatory entities, with letters expected to be mailed via US mail.

Clop, a well-established extortion group, has been aggressively targeting vulnerable Oracle EBS instances since early August 2025. This campaign has extended beyond the University of Phoenix, impacting several other U.S. universities, including Harvard University and the University of Pennsylvania, as well as numerous global companies like GlobalLogic, Logitech, The Washington Post, and Envoy Air. Clop’s tactics involve leveraging zero-day vulnerabilities, allowing them to gain unauthorized access to systems and exfiltrate data.

The breach further highlights a concerning trend – the repeated exploitation of legacy systems, particularly those utilizing Oracle EBS. This specific software, while widely used, has historically been a target for cybercriminals due to its complexity and the potential for vulnerabilities. The group’s activities mirror previous attacks against GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer systems, affecting thousands of organizations worldwide. More recently, the university's breach joins a wave of similar incidents involving voice phishing attacks that specifically targeted systems used for development and alumni activities.

The University of Phoenix’s situation underscores the necessity of robust cybersecurity practices, particularly for institutions managing sensitive data. While a full assessment of the impact is ongoing, the immediate risk lies in the potential for identity theft and financial fraud. Researchers are attempting to ascertain the complete list of compromised individuals and, potentially, the specific security weaknesses that allowed the breach to occur. The University of Phoenix is obligated to adhere to data breach notification laws and cooperate with law enforcement, as it continues its investigation and remediation efforts.