NEWYou can now listen to Fox News articles!
The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million people. The incident dates back to August, when attackers gained access to the university’s network and quietly stole sensitive information.
The school detected the intrusion on November 21. This discovery came after the attackers listed the university on a public leak site. In early December, the university disclosed the incident and its parent company filed an 8-K application with regulators.
The scope is great. Notification letters filed with the Maine Attorney General show 3,489,274 people are affected. Affected individuals include current and former students, faculty, staff, and vendors.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM bulletin.
DATA BREACH EXPOSES INFORMATION OF 400,000 BANK CUSTOMERS
The University of Phoenix data breach revealed sensitive personal and financial information linked to nearly 3.5 million people. (Kurt “CyberGuy” Knutsson)
What happened and how the attackers got in
According to the university, hackers exploited a zero-day vulnerability in Oracle E-Business Suite. This application manages financial transactions and contains very sensitive data.
Based on the technical details shared so far, security researchers believe the attack matches tactics used by the Clop ransomware gang. Clop has a long track record of stealing data through zero-day breaches rather than system encryption.
The vulnerability linked to this campaign is identified as CVE-2025-61882. Investigators say there has been abuse since early August.
What data was exposed
The university says the attackers accessed highly sensitive personal and financial information. This includes:
- Full names
- Contact details
- Dates of birth
- Social Security Numbers
- Bank account numbers
- Routing numbers
This type of data creates a serious risk. This can fuel identity theft, financial fraud and targeted attacks. phishing scams.
CREDIT 700 DATA BREACH EXPOSES THE SSNS OF 5.8 M CONSUMERS
Stolen University of Phoenix records could be used by criminals to launch targeted phishing and identity theft attacks. (Kurt “CyberGuy” Knutsson)
Nearly 3.5 million people impacted
In letters sent to those affected, the university confirmed that the breach affected 3,489,274 people. If you are a student or current or former employee, monitor your mail carefully.
These notifications often arrive by postal mail and not by email. The letter explains what data was exposed and includes instructions for protective services.
We reached out to the University of Phoenix for comment, and a representative provided CyberGuy with the following statement:
“We recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform. After detecting the incident on November 21, 2025, we quickly took steps to investigate and respond with the help of leading third-party cybersecurity companies. We are reviewing the affected data and will provide required notifications to affected individuals and regulatory entities.
Free Identity Protection Now Available
The University of Phoenix is offering free identity protection services to affected individuals. These include:
- 12 months of credit monitoring
- Identity theft recovery assistance
- Dark Web Monitoring
- A Million Dollar Fraud Refund Policy
To register, you must use the redemption code provided in the notification letter. Without this code you cannot activate the service.
This attack corresponds to a broader Clop campaign
The University of Phoenix breach is not an isolated case. Clop has used similar tactics in previous campaigns involving GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo and Gladinet CentreStack.
Other universities have also reported incidents related to Oracle EBS. These include Harvard University and the University of Pennsylvania.
The US government is taking notice. The US State Department is now offering a reward of up to $10 million for information linking the Clop attacks to a foreign government.
Why colleges are prime targets
Universities store huge amounts of personal data. Student records, financial aid records, payroll systems, and donor databases all live under one roof.
Like healthcare organizations, colleges are a high-value target. A single breach can expose years of data related to millions of people.
MAKE 2026 YOUR MOST PRIVATE YEAR YET BY DELETING BROKER DATA
Affected University of Phoenix students and staff should act quickly to monitor accounts and protect their identities. (Kurt “CyberGuy” Knutsson)
Steps to Stay Safe Now
If you think you may be affected, act quickly. These steps can reduce your risk.
1) Monitor your breach notification letter
Read it carefully. It explains what data was exposed and how to sign up for protection services.
2) Sign up for free identity protection
First, use the redemption code provided. Because social security and banking data are involved, credit monitoring and recovery services are important. Even if you don’t qualify for the free service, an identity theft protection service is still a smart solution.
Additionally, these services actively monitor sensitive details such as your social security number, phone number, and email address. If your information appears on the dark web or if someone tries to open a new account, you receive an alert immediately. As a result, many services also help you quickly freeze bank and credit card accounts to limit further fraud.
Check out my tips and top picks for protecting yourself against identity theft at Cyberguy.com
3) Use a data deletion service
Because this breach exposed names, contact information, and other identifiers, reducing what is publicly available about you. A data removal service can help you remove your personal information from data brokerage sites, reducing the risk of targeted phishing or fraud related to stolen University of Phoenix records.
Although no service can guarantee the complete removal of your data from the Internet, a data deletion service is definitely a wise choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information across hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data deletion services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com
Get a free analysis to find out if your personal information is already available on the web: Cyberguy.com
4) Monitor financial accounts daily
Check bank statements and credit card activity for unknown charges. Report anything suspicious immediately.
5) Consider freezing your credit
A credit freeze can prevent criminals from opening new accounts in your name. It’s free and reversible. To learn more about how to do this, visit Cyberguy.com and research “How to Freeze Your Credit.”
6) Be alert to phishing attempts and use powerful antivirus software
Expect more scam emails and phone calls. Criminals may refer to the violation as legitimate.
The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, protecting your personal information and digital assets.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com
7) Secure your devices
Keep your operating systems and applications up to date, as attackers often exploit outdated software to gain access. Additionally, enable automatic updates and review app permissions to prevent stolen personal data from being combined with device-level access and causing further damage.
Kurt’s Key Takeaways
The University of Phoenix data breach highlights a growing problem in higher education. When attackers exploit trusted enterprise software, the consequences spread quickly and widely. While free identity protection is helpful, long-term vigilance matters most. Staying vigilant can limit the damage long after the headlines fade.
If universities can’t protect this level of sensitive data, should students demand higher cybersecurity standards before enrolling? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM bulletin.
Copyright 2025 CyberGuy.com. All rights reserved.
