Apollo Education Group: University of Phoenix discloses data breach after Oracle hack

The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025.

Founded in 1976 and headquartered in Phoenix, Arizona, UoPX is a private for-profit university with nearly 3,000 academic staff and over 100,000 enrolled students.

The university disclosed the data breach on its official website on Tuesday, while its parent company, Phoenix Education Partners, filed an 8-K form with the U.S. Securities and Exchange Commission (SEC).

UoPX said it detected the incident on November 21 (after the extortion group added it to its data leak site) and noted that the attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to steal a wide range of sensitive personal and financial information belonging to students, staff, and suppliers.

"We believe that the unauthorized third-party obtained certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers with respect to numerous current and former students, employees, faculty and suppliers was accessed without authorization," the school said.

"We continue to review the impacted data and will provide the required notifications to affected individuals and regulatory entities. Affected individuals will soon receive a letter via US Mail outlining the details of the incident and next ste

Source: https://www.bleepingcomputer.com/news/security/university-of-phoenix-discloses-data-breach-after-oracle-hack/

Apollo Education Group cybersecurity rating report: https://www.rankiteo.com/company/apollo-group

"id": "APO1764771057",
"linkid": "apollo-group",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Current and former '
                                                           'students, '
                                                           'employees, '
                                                           'faculty, and '
                                                           'suppliers',
                                     'industry': 'Higher Education',
                                     'location': 'Phoenix, Arizona, USA',
                                     'name': 'University of Phoenix',
                                     'size': 'Nearly 3,000 academic staff and '
                                             'over 100,000 enrolled students',
                                     'type': 'Educational Institution'}],
              'attack_vector': 'Exploitation of zero-day vulnerability in '
                               'Oracle E-Business Suite',
              'customer_advisories': 'Affected individuals will receive a '
                                     'letter via US Mail outlining the details '
                                     'of the incident and next steps',
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': 'Yes',
                              'file_types_exposed': None,
                              'number_of_records_exposed': None,
                              'personally_identifiable_information': 'Yes',
                              'sensitivity_of_data': 'High',
                              'type_of_data_compromised': ['Names',
                                                           'Contact '
                                                           'information',
                                                           'Dates of birth',
                                                           'Social security '
                                                           'numbers',
                                                           'Bank account and '
                                                           'routing numbers']},
              'date_detected': '2025-11-21',
              'date_publicly_disclosed': '2025-11-26',
              'description': 'The University of Phoenix (UoPX) was breached in '
                             'a Clop data theft campaign targeting vulnerable '
                             'Oracle E-Business Suite instances in August '
                             '2025. The attackers exploited a zero-day '
                             'vulnerability to steal sensitive personal and '
                             'financial information belonging to students, '
                             'staff, and suppliers.',
              'impact': {'brand_reputation_impact': None,
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': 'Sensitive personal and financial '
                                             'information',
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': 'High',
                         'legal_liabilities': None,
                         'operational_impact': None,
                         'payment_information_risk': 'High',
                         'revenue_loss': None,
                         'systems_affected': 'Oracle E-Business Suite (EBS) '
                                             'financial application'},
              'initial_access_broker': {'backdoors_established': None,
                                        'data_sold_on_dark_web': None,
                                        'entry_point': 'Oracle E-Business '
                                                       'Suite zero-day '
                                                       'vulnerability',
                                        'high_value_targets': None,
                                        'reconnaissance_period': None},
              'investigation_status': 'Ongoing',
              'motivation': 'Data theft and extortion',
              'post_incident_analysis': {'corrective_actions': None,
                                         'root_causes': 'Exploitation of '
                                                        'unpatched zero-day '
                                                        'vulnerability in '
                                                        'Oracle E-Business '
                                                        'Suite'},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': 'Yes',
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': 'Clop'},
              'references': [{'date_accessed': '2025-11-26',
                              'source': 'University of Phoenix Official '
                                        'Website',
                              'url': None},
                             {'date_accessed': '2025-11-26',
                              'source': 'SEC Filing (8-K form)',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': None,
                                        'regulations_violated': ['Potential '
                                                                 'violations '
                                                                 'of data '
                                                                 'protection '
                                                                 'laws (e.g., '
                                                                 'FERPA, GDPR '
                                                                 'if '
                                                                 'applicable)'],
                                        'regulatory_notifications': 'SEC '
                                                                    'filing '
                                                                    '(8-K '
                                                                    'form), '
                                                                    'required '
                                                                    'notifications '
                                                                    'to '
                                                                    'affected '
                                                                    'individuals '
                                                                    'and '
                                                                    'regulatory '
                                                                    'entities'},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': 'Disclosure on official '
                                                     'website and SEC filing '
                                                     '(8-K form)',
                           'containment_measures': None,
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': None,
                           'law_enforcement_notified': None,
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': None,
                           'third_party_assistance': None},
              'threat_actor': 'Clop ransomware group',
              'title': 'University of Phoenix Data Breach via Oracle '
                       'E-Business Suite Zero-Day Exploit',
              'type': 'Data Breach',
              'vulnerability_exploited': 'Zero-day vulnerability in Oracle '
                                         'E-Business Suite (EBS) financial '
                                         'application'}