The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million people. The incident traces back to August when attackers accessed the university's network and quietly stole sensitive information.
The school detected the intrusion on Nov. 21. That discovery came after the attackers listed the university on a public leak site. In early December, the university disclosed the incident, and its parent company filed an 8-K with regulators.
The scope is large. Notification letters filed with Maine's Attorney General show 3,489,274 individuals were affected. Those affected include current and former students, faculty, staff and suppliers.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
DATA BREACH EXPOSES 400,000 BANK CUSTOMERS’ INFO
According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application handles financial operations and contains highly sensitive data.
Based on the technical details shared so far, security researchers believe the attack aligns with tactics used by the Clop ransomware gang. Clop has a long track record of stealing data through zero-day flaws rather than encrypting systems.
The vulnerability tied to this campaign is tracked as CVE-2025-61882. Investigators say it has been abused since early August.
The university says the attackers accessed highly sensitive personal and financial information. That includes:
This type of data creates a serious risk. It can fuel identity theft, financial fraud and targeted phishing scams.
700CREDIT DATA BREACH EXPOSES SSNS OF 5.8M CONSUMERS
In letters sent to affected individuals, the university confirmed the breach affects 3,489,274 people. If you are a current or former student or employee, watch your mail closely.
These notifications often arrive by postal mail, not email. The letter explains what data was exposed and includes instructions for protective services.
We reached out to the University of Phoenix for comment, and a rep provided CyberGuy with the following statement:
"We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. We are reviewing the impacted data and will provide the required notifications to affected individuals and regulatory entities."
The University of Phoenix is offering affected individuals free identity protection services. These include:
To enroll, you must use the redemption code provided in the notification letter. Without that code, you cannot activate the service.
The University of Phoenix breach is not an isolated case. Clop has used similar tactics in past campaigns involving GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo and Gladinet CentreStack.
Other universities have also reported Oracle EBS-related incidents. These include Harvard University and the University of Pennsylvania.
The U.S. government is taking notice. The U.S. Department of State is now offering a reward of up to $10 million for information linking Clop's attacks to a foreign government.
Universities store massive amounts of personal data. Student records, financial aid files, payroll systems and donor databases all live under one roof.
Like healthcare organizations, colleges present a high-value target. A single breach can expose years of data tied to millions of people.
MAKE 2026 YOUR MOST PRIVATE YEAR YET BY REMOVING BROKER DATA
If you believe you may be affected, act quickly. These steps can reduce your risk.
Read it carefully. It explains what data was exposed and how to enroll in protection services.
First, use the redemption code provided. Because Social Security and banking data are involved, credit monitoring and recovery services matter. Even if you do not qualify for the free service, an identity theft protection service is still a smart move.
In addition, these services actively monitor sensitive details like your Social Security number, phone number and email address. If your information appears on the dark web or if someone tries to open a new account, you receive an alert right away. As a result, many services also help you quickly freeze bank and credit card accounts to limit further fraud.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com
Because this breach exposed names, contact details and other identifiers, reducing what is publicly available about you matters. A data removal service can help remove your personal information from data broker sites, which lowers the risk of targeted phishing or fraud tied to the stolen University of Phoenix records.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
Check bank statements and credit card activity for unfamiliar charges. Report anything suspicious immediately.
A credit freeze can stop criminals from opening new accounts in your name. It is free and reversible. To learn more about how to do this, go to Cyberguy.com and search "How to freeze your credit."
Expect more scam emails and phone calls. Criminals may reference the breach to sound legitimate.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com
Keep your operating systems and apps up to date, as attackers often exploit outdated software to gain access. In addition, enable automatic updates and review app permissions to prevent stolen personal data from being combined with device-level access and causing further harm.
The University of Phoenix data breach highlights a growing problem in higher education. When attackers exploit trusted enterprise software, the fallout spreads fast and wide. While free identity protection helps, long-term vigilance matters most. Staying alert can limit damage long after the headlines fade.
If universities cannot protect this level of sensitive data, should students demand stronger cybersecurity standards before enrolling? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
