3.5 Million Affected by University of Phoenix Data Breach
The University of Phoenix has admitted that millions of individuals are affected by a data breach stemming from a recent attack on the company’s Oracle E-Business Suite (EBS) instance.
The Oracle EBS campaign, claimed by the Cl0p ransomware group but believed to have been carried out by a cluster of the FIN11 threat group, targeted more than 100 organizations, including major companies and universities.
The hackers exploited zero-day vulnerabilities in Oracle EBS to gain access to data stored by customers in the enterprise management software.
The University of Phoenix confirmed in early December that it was targeted in the Oracle EBS campaign.
The EBS attacks were likely conducted over the summer, and the campaign came to light in early October. The University of Phoenix said it became aware of an EBS-related cybersecurity incident on November 21, one day after the cybercriminals named it as a victim of the campaign.
An investigation conducted by the university showed that the data exfiltration occurred between August 13 and 22, 2025. Compromised information includes names, dates of birth, Social Security numbers, and bank account and routing numbers, but “without means of access,” the university said.
The University of Phoenix data breach has impacted nearly 3.5 million individuals, according to data provided to the Maine Attorney General’s Office.
For many of the victims of the Oracle EBS hack, the cybercriminals have already made public hundreds of gigabytes and even terabytes of files allegedly stolen from their systems, but no University of Phoenix data appears to have been leaked.
The University of Phoenix is not the only university targeted in the Oracle EBS campaign.
The list of confirmed victims also includes the University of Pennsylvania, Harvard University, and Dartmouth College. Southern Illinois University and Tulane University have also been named by the hackers, and data presumably stolen from their systems has been released, but the universities have yet to publicly confirm suffering a data breach.
This article was published by SecurityWeek. Please check their website for the original content.