top of page
perceptive_background_267k.jpg

University of Phoenix data breach impacts nearly 3.5 million individuals

Published:

22 December 2025 at 14:18:55

Alert date:

22 December 2025 at 15:02:33

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Zero-Day Vulnerabilities, Data Breach & Exfiltration, Enterprise Applications, Ransomware & Malware

The Clop ransomware gang breached the University of Phoenix network in August, stealing data belonging to nearly 3.5 million students, staff, and suppliers. This represents a significant data breach affecting a large educational institution and demonstrates the continued threat posed by the Clop ransomware operation against high-value targets in the education sector.

Technical details

The Clop ransomware gang exploited a zero-day vulnerability in Oracle E-Business Suite (EBS) financial application to breach University of Phoenix's network in August 2025. The attack was part of a larger campaign where Clop has been exploiting the Oracle zero-day vulnerability (CVE-2025-61882) since early August 2025 to steal data from multiple victims' Oracle EBS platforms. The breach was detected on November 21, 2025, after Clop added the university to its data leak site. The attackers gained unauthorized access to sensitive personal and financial information including names, contact information, dates of birth, social security numbers, and bank account and routing numbers of 3,489,274 individuals including current and former students, employees, faculty and suppliers.

Mitigation steps:

University of Phoenix is offering free identity protection services to affected individuals including: $1 million fraud reimbursement policy, 12 months of credit monitoring, identity theft recovery, and dark web monitoring. Organizations using Oracle E-Business Suite should apply security patches for CVE-2025-61882 and monitor for signs of unauthorized access to their EBS platforms.

Affected products:

Oracle E-Business Suite (EBS)
Oracle EBS financial application

Related links:

https://www.bleepingcomputer.com/news/security/university-of-phoenix-discloses-data-breach-after-oracle-hack/
https://www.bleepingcomputer.com/news/security/oracle-zero-day-exploited-in-clop-data-theft-attacks-since-early-august/
https://www.bleepingcomputer.com/news/security/harvard-investigating-breach-linked-to-oracle-zero-day-exploit/
https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-theft-after-oracle-ebs-hack/
https://www.bleepingcomputer.com/news/security/fortra-shares-findings-on-goanywhere-mft-zero-day-attacks/
https://www.bleepingcomputer.com/tag/accellion/
https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/
https://www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/
https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/
https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/
https://www.bleepingcomputer.com/tag/ivy-league/
https://www.bleepingcomputer.com/news/security/harvard-university-discloses-data-breach-affecting-alumni-donors/
https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-stolen-in-cyberattack/
https://www.bleepingcomputer.com/news/security/princeton-university-discloses-data-breach-affecting-donors-alumni/
https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/422db005-448f-4772-afc6-07dabfa169a8.html

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page