University of Phoenix data breach affects 3.5 million people
NEWNow you can listen to News articles!
The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million people. The incident dates back to August, when attackers accessed the university’s network and quietly stole sensitive information.
The school detected the intrusion on November 21. That discovery came after attackers listed the university on a public leak site. In early December, the university disclosed the incident and its parent company filed an 8-K with regulators.
The scope is great. Notification letters filed with the Maine Attorney General show that 3,489,274 people were affected. Those affected include current and former students, faculty, staff and vendors.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
DATA BREACH EXPOSES THE INFORMATION OF 400,000 BANK CUSTOMERS
The University of Phoenix data breach exposed sensitive personal and financial information linked to nearly 3.5 million people. (Kurt “CyberGuy” Knutsson)
What happened and how the attackers got in
According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application handles financial operations and contains highly confidential data.
Based on the technical details shared so far, security researchers believe the attack aligns with tactics used by the Clop ransomware gang. Clop has a long history of data theft using zero-day flaws instead of encryption systems.
The vulnerability linked to this campaign is tracked as CVE-2025-61882. Investigators say he has been abused since early August.
What data was exposed?
The university says the attackers accessed highly sensitive personal and financial information. That includes:
- Full names
- contact information
- dates of birth
- Social security numbers
- bank account numbers
- Route numbers
This type of data creates a serious risk. It can fuel identity theft, financial fraud and phishing scams.
700CREDITO DATA BREACH EXPOSES THE SSNS OF 5.8 MILLION CONSUMERS
Criminals could use stolen University of Phoenix records to launch targeted phishing and identity theft attacks. (Kurt “CyberGuy” Knutsson)
Almost 3.5 million people affected
In letters sent to affected people, the university confirmed that the violation affects 3,489,274 people. If you are a current or former student or employee, please watch your email carefully.
These notifications usually arrive by postal mail, not by email. The letter explains what data was exposed and includes instructions for protective services.
We reached out to the University of Phoenix for comment and a representative provided CyberGuy with the following statement:
“We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. Upon detecting the incident on November 21, 2025, we took immediate action to investigate and respond with the assistance of leading third-party cybersecurity companies. We are reviewing the affected data and will provide required notifications to affected individuals and regulatory entities.”
Free identity protection now available
The University of Phoenix offers affected individuals free identity protection services. These include:
- 12 months of credit monitoring
- Identity Theft Recovery Assistance
- Dark web monitoring
- A $1 million fraud refund policy
To enroll, you must use the redemption code provided in the notification letter. Without that code you will not be able to activate the service.
This attack fits into a broader Clop campaign.
The University of Phoenix breach is not an isolated case. Clop has used similar tactics in previous campaigns with GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo, and Gladinet CentreStack.
Other universities have also reported incidents involving Oracle EBS. These include Harvard University and the University of Pennsylvania.
The United States government is taking notice. The US State Department is now offering a reward of up to $10 million for information linking Clop’s attacks to a foreign government.
Why universities are prime targets
Universities store enormous amounts of personal data. Student records, financial aid files, payroll systems, and donor databases are all under one roof.
Like healthcare organizations, universities present a highly valuable objective. A single breach can expose years of data linked to millions of people.
MAKE 2026 YOUR MOST PRIVATE YEAR BY DELETING BROKER DATA
Affected University of Phoenix students and staff should act quickly to monitor accounts and protect their identities. (Kurt “CyberGuy” Knutsson)
Steps to stay safe right now
If you think you may be affected, act quickly. These steps can reduce your risk.
1) Keep an eye on your breach notification letter
Read it carefully. Explains what data was exposed and how to enroll in protective services.
2) Sign up for free identity protection
First, use the redemption code provided. Because banking and Social Security data are involved, credit monitoring and recovery services are important. Even if you don’t qualify for the free service, an identity theft protection service is still a smart move.
Additionally, these services actively monitor sensitive details such as your Social Security number, phone number, and email address. If your information appears on the dark web or if someone tries to open a new account, you will be alerted immediately. As a result, many services also help you quickly freeze bank and credit card accounts to limit future fraud.
See my tips and best options on how to protect yourself from identity theft at Cyberguy.com
3) Use a data deletion service
Because this breach exposed names, contact details, and other identifiers, it is important to reduce what is publicly available about you. A data removal service can help remove your personal information from data broker sites, reducing the risk of phishing or fraud targeting stolen University of Phoenix records.
While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com
4) Monitor financial accounts daily
Check bank statements and credit card activity for unknown charges. Report anything suspicious immediately.
5) Consider freezing your credit
A credit freeze can prevent criminals from opening new accounts in your name. It is free and reversible. For more information on how to do this, go to Cyberguy.com and search for “How to freeze your credit.”
6) Be alert for phishing attempts and use strong antivirus software
Expect more scam emails and phone calls. Criminals can reference the violation to make it appear legitimate.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com
7) Secure your devices
Keep your operating systems and applications up to date, as attackers often leverage outdated software to gain access. Additionally, enable automatic updates and review app permissions to prevent stolen personal data from merging with device-level access and causing further damage.
Kurt’s Key Takeaways
The University of Phoenix data breach highlights a growing problem in higher education. When attackers exploit trusted enterprise software, the consequences spread quickly and widely. While free identity protection helps, what’s most important is long-term surveillance. Staying vigilant can limit damage long after the headlines fade.
If universities cannot protect this level of sensitive data, should students require stricter cybersecurity standards before enrolling? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE News APP
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2025 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.