University of Phoenix Hit by Data Breach, Linked to Oracle Hack
A major data breach has rocked the University of Phoenix, exposing sensitive information of thousands. The university has confirmed a breach of its systems, adding to the growing list of educational institutions targeted in a widespread data theft campaign. This incident has raised concerns about the vulnerability of educational data and the potential impact on students and staff.
The University of Phoenix, a prominent private university with a rich history dating back to 1976, has fallen victim to a sophisticated cyberattack. The breach, discovered on November 21, 2025, was linked to a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application. This software is widely used by organizations for managing financial operations, making the breach even more concerning.
The attackers exploited this vulnerability to access personal and financial data, including names, contact details, dates of birth, social security numbers, and bank account information of students, staff, and suppliers. This breach could potentially affect over 100,000 students and thousands of staff members, making it a significant security incident.
The university's statement revealed that the breach was detected after the attackers added the institution to their data leak site. This incident is part of a larger campaign by the Clop ransomware gang, which has been exploiting a zero-day flaw (CVE-2025-61882) in Oracle EBS since early August 2025. The gang has successfully targeted multiple universities and companies, including Harvard University and the University of Pennsylvania, as well as global corporations like GlobalLogic and Logitech.
The Clop gang has a history of targeting various organizations, including those using GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer. This group's reach and impact are extensive, and their tactics have evolved over time. The University of Phoenix breach is just one piece of a larger puzzle, as the same attackers have been active since late October, breaching multiple U.S. universities through voice phishing attacks.
The University of Phoenix's parent company, Phoenix Education Partners, has filed a report with the SEC, and the university has promised to notify affected individuals and regulatory bodies. However, the full extent of the damage and the identity of the attackers remain undisclosed. This incident highlights the urgent need for robust cybersecurity measures in the education sector and the potential consequences of broken Identity and Access Management (IAM) systems, as seen with Bitpanda, KnowBe4, and PathAI.
Are educational institutions doing enough to protect sensitive student and staff data?