Organisation: University of Phoenix
Incident date: August 13–22, 2025
Nature of incident: Unauthorized access and large-scale data theft
Status: Confirmed
Reported by: University of Phoenix; Office of the Maine Attorney General
The University of Phoenix has confirmed a significant data breach linked to an expansive Oracle E-Business Suite (EBS) exploitation campaign, affecting nearly 3.5 million individuals. Updated regulatory filings and public statements describe an August 2025 data-theft incident that was subsequently linked to the Clop ransomware group’s activity targeting Oracle EBS deployments.
According to SecurityWeek and earlier university disclosures, Phoenix became aware of an EBS-related cybersecurity incident on November 21, 2025, shortly after threat actors named the institution on their leak site. The investigation determined that attackers exploited an Oracle EBS zero-day in a campaign targeting more than 100 organizations, and that data exfiltration at Phoenix occurred between August 13 and August 22, 2025.
Notification letters filed with the Maine Attorney General state that 3,489,274 individuals are affected. The exposed data includes names, dates of birth, Social Security numbers, and bank account and routing numbers. However, the university specifies that these banking details were stored “without means of access.” For some people, additional contact or employment information may also be present in the compromised records.
For students, staff, alumni, and suppliers, the combination of identity data and partial financial details substantially increases the risk of identity theft, tax fraud, account-takeover attempts, and highly targeted phishing. Regulators and consumer-protection agencies are advising affected individuals to enroll in the offered identity-protection services, monitor their financial accounts, and, where appropriate, freeze their credit files.
The incident forms part of a broader Oracle EBS attack cluster impacting multiple universities and enterprises in the United States and abroad. Similar campaigns against other higher-education institutions, including the University of Pennsylvania, Harvard University, and Dartmouth College, have highlighted systemic risks posed by enterprise resource planning platforms that host large volumes of sensitive personal and financial data.
University of Phoenix says it is working with external forensic specialists, notifying regulators, and offering affected individuals a package of identity-protection services that includes credit monitoring, identity-theft recovery, dark-web monitoring, and a fraud reimbursement policy. The institution continues to harden its Oracle EBS environment and related systems while cooperating with law enforcement and regulatory inquiries.
This breach adds to a growing list of large-scale data-theft incidents driven by exploitation of complex third-party platforms, underscoring the importance of timely patching, segmented architectures, and proactive monitoring of high-value enterprise systems.
Worried about your online data? Run a leak check now at Am I Hacked and protect your online security today.