University of Phoenix discloses data breach after Oracle hack

Recorded: Dec. 3, 2025, 4:02 p.m.

Original

News

Featured
Latest

North Korea lures engineers to rent identities in fake IT worker scheme

Fake Calendly invites spoof top brands to hijack ad manager accounts

University of Pennsylvania confirms new data breach after Oracle hack

Google fixes two Android zero days exploited in attacks, 107 flaws

Deep dive into DragonForce ransomware and its Scattered Spider connection

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

University of Phoenix discloses data breach after Oracle hack

Score 65% off a Microsoft Surface with impressive performance

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Startup Database
Uninstall Database
Glossary
Chat on Discord
Send us a Tip!
Welcome Guide

HomeNewsSecurityUniversity of Phoenix discloses data breach after Oracle hack

University of Phoenix discloses data breach after Oracle hack

By Sergiu Gatlan

December 3, 2025
08:23 AM
0

The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025.
Founded in 1976 and headquartered in Phoenix, Arizona, UoPX is a private for-profit university with nearly 3,000 academic staff and over 100,000 enrolled students.
The university disclosed the data breach on its official website on Tuesday, while its parent company, Phoenix Education Partners, filed an 8-K form with the U.S. Securities and Exchange Commission (SEC).
UoPX said it detected the incident on November 21 (after the extortion group added it to its data leak site) and noted that the attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to steal a wide range of sensitive personal and financial information belonging to students, staff, and suppliers.
"We believe that the unauthorized third-party obtained certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers with respect to numerous current and former students, employees, faculty and suppliers was accessed without authorization," the school said.
"We continue to review the impacted data and will provide the required notifications to affected individuals and regulatory entities. Affected individuals will soon receive a letter via US Mail outlining the details of the incident and next steps to take."
Andrea Smiley, Vice President for Public Relations at University of Phoenix, told BleepingComputer that UoPX is "reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities." However, Smiley didn't share any further details about the breach, including which cybercrime operation was behind the attack or the total number of individuals affected.

University of Phoenix entry on Clop's leak site (BleepingComputer)
Although UoPX has yet to attribute the incident to a specific cybercrime group, based on the details shared so far, the breach is part of a Clop ransomware gang extortion campaign in which the gang has exploited a zero-day flaw (CVE-2025-61882) to steal sensitive documents from many victims' Oracle EBS platforms since early August 2025.
As part of the same series of data theft attacks, Clop has also targeted other universities in the United States, including Harvard University and the University of Pennsylvania, which have also confirmed Oracle EBS breaches impacting their students and staff.
The extortion group also compromised the Oracle EBS instances of dozens of companies worldwide, including GlobalLogic, Logitech, The Washington Post, and the American Airlines subsidiary Envoy Air, and leaked the stolen data on its dark web site.
In the past, Clop was also behind data theft campaigns targeting GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer customers, the latter affecting more than 2,770 organizations.
Since late October, the systems of several U.S. universities have also been breached in a series of voice phishing attacks, with Harvard University, University of Pennsylvania, and Princeton University disclosing that the attackers breached systems used for development and alumni activities to steal the personal information of donors, staff, students, alumni, and faculty.
Update December 03, 10:16 EST: Added statement from University of Phoenix.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
University of Pennsylvania confirms new data breach after Oracle hackDartmouth College confirms data breach after Clop extortion attackHarvard investigating breach linked to Oracle zero-day exploitLogitech confirms data breach after Clop extortion attackWashington Post data breach impacts nearly 10K employees, contractors

Arizona
Clop
Data Breach
Data Theft
Extortion
Hack
Oracle
Oracle E-Business Suite
Phoenix
University
University of Phoenix
USA

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Glassworm malware returns in third wave of malicious VS Code packages

Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic

Sponsor Posts

Empowering IT teams with intelligence driven cyber threat research.

AI is a data-breach time bomb: Read the new report

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

University of Phoenix has recently disclosed a data breach impacting nearly 100,000 students, staff, and faculty, stemming from a Clop ransomware campaign that exploited a zero-day vulnerability within Oracle E-Business Suite (EBS) instances. The breach, detected on November 21, 2025, allowed the attackers to access sensitive personal information including names, contact details, dates of birth, social security numbers, and bank account/routing numbers. The attack aligns with a broader Clop extortion campaign targeting numerous U.S. universities, including the University of Pennsylvania and Harvard University, and a variety of global companies such as GlobalLogic, Logitech, and The Washington Post. Clop leveraged the CVE-2025-61882 vulnerability to gain unauthorized access to the EBS platforms, highlighting a critical security lapse in the university’s infrastructure. The incident underscores the ongoing risks associated with unpatched vulnerabilities within widely used enterprise software. Following the breach, University of Phoenix, along with its parent company Phoenix Education Partners, initiated notification procedures, intending to inform affected individuals and relevant regulatory entities, and to provide detailed information via mail. This event coincides with increasing reports of similar attacks targeting universities and multinational corporations, demonstrating a significant trend in cybercriminal activity. Notably, the university’s response—although initiated—has been cautious, with Andrea Smiley, Vice President for Public Relations, citing the ongoing review of impacted data and the need for comprehensive notification, suggesting a delicate balance between transparency and legal considerations. The broader context of this breach, compounded by overlapping voice phishing attacks against other U.S. universities (Harvard, University of Pennsylvania, Princeton) and Clop's previous campaigns against GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer, emphasizes the need for robust cybersecurity practices across educational institutions and organizations reliant on vulnerable legacy systems. The extent of the data compromised, coupled with the attackers’ ability to identify and exploit a zero-day vulnerability, indicates a sophisticated level of threat intelligence and operational capability. The University of Phoenix’s breach further validates the critical need for ongoing security assessments, timely patching, and proactive threat monitoring, particularly for systems utilizing older software versions like Oracle E-Business Suite.