Ethical Hacking News
The University of Phoenix has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025, exposing sensitive personal and financial information belonging to students, staff, and suppliers.
The University of Phoenix has been breached in a Clop ransomware gang attack, with over 100,000 students affected.The breach targeted Oracle E-Business Suite instances and resulted in the theft of sensitive personal and financial information.The university detected the incident on November 21 and is providing notifications to affected individuals.The breach is part of a larger trend of ransomware attacks targeting vulnerable Oracle EBS instances.
The University of Phoenix, a private for-profit university with nearly 3,000 academic staff and over 100,000 enrolled students, has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. Founded in 1976 and headquartered in Phoenix, Arizona, the University of Phoenix disclosed the data breach on its official website on Tuesday, while its parent company, Phoenix Education Partners, filed an 8-K form with the U.S. Securities and Exchange Commission (SEC).
According to the university's statement, the attackers exploited a zero-day vulnerability in the Oracle E-Business Suite financial application to steal a wide range of sensitive personal and financial information belonging to students, staff, and suppliers. The stolen data includes names and contact information, dates of birth, social security numbers, and bank account and routing numbers.
The University of Phoenix detected the incident on November 21, after the extortion group added it to its data leak site. The university noted that it would continue to review the impacted data and provide notifications to affected individuals and regulatory entities. Affected individuals will soon receive a letter via US Mail outlining the details of the incident and next steps to take.
The University of Phoenix's breach is part of a Clop ransomware gang extortion campaign in which the gang has exploited a zero-day flaw (CVE-2025-61882) to steal sensitive documents from many victims' Oracle EBS platforms since early August 2025. Other universities in the United States, including Harvard University and the University of Pennsylvania, have also confirmed Oracle EBS breaches impacting their students and staff.
The extortion group also compromised the Oracle EBS instances of dozens of companies worldwide, including GlobalLogic, Logitech, The Washington Post, and the American Airlines subsidiary Envoy Air. The stolen data was leaked on the Clop's dark web site.
In recent months, several U.S. universities have been breached in a series of voice phishing attacks, with Harvard University, University of Pennsylvania, and Princeton University disclosing that the attackers breached systems used for development and alumni activities to steal the personal information of donors, staff, students, alumni, and faculty.
The Clop ransomware gang has been behind data theft campaigns targeting GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer customers in the past. These attacks have affected over 2,770 organizations. Since late October, the systems of several U.S. universities have been breached in a series of voice phishing attacks.
The breach at the University of Phoenix highlights the ongoing threat of ransomware attacks to higher education institutions. As more universities fall victim to these attacks, it is essential for institutions to take proactive measures to protect their data and prevent similar breaches in the future.
In addition to the technical measures that can be taken to prevent ransomware attacks, it is also crucial for institutions to educate their employees about cybersecurity best practices and the importance of reporting suspicious activity. By taking a comprehensive approach to cybersecurity, universities can reduce the risk of breach and protect their students, staff, and suppliers from potential harm.
The University of Phoenix's disclosure of the data breach serves as a warning to other higher education institutions to take immediate action to secure their systems and prevent similar breaches in the future.
In conclusion, the University of Phoenix's breach is part of a larger trend of ransomware attacks targeting vulnerable Oracle EBS instances. The university's disclosure highlights the ongoing threat of these attacks and the need for institutions to take proactive measures to protect their data.
Related Information:
https://www.ethicalhackingnews.com/articles/The-University-of-Phoenix-Joins-a-Growing-List-of-US-Universities-Breached-in-Clop-Data-Theft-Campaign-ehn.shtml
https://www.bleepingcomputer.com/news/security/university-of-phoenix-discloses-data-breach-after-oracle-hack/
Published: Wed Dec 3 07:50:33 2025 by llama3.2 3B Q4_K_M
