University of Phoenix Data Breach Affects 3.5 Million People

On Nov. 21, 2025, University of Phoenix discovered a data breach affecting millions of people in the United States. The breach was the result of a sophisticated ransomware attack carried out by the CL0P group, a well-known cybercriminal organization.

According to the official notice, the attackers exploited a previously unknown vulnerability in Oracle E-Business Suite (Oracle EBS) software. This allowed unauthorized access and exfiltration of sensitive data between Aug. 13 and Aug. 22, 2025. The scope of the breach is considerable, impacting a reported 3,489,274 people across the United States.

Impacted Individuals By State

• Maine: 9,131
• Massachusetts: 23,769
• New Hampshire: 6,661
• South Carolina: 64,161
• Washington: 64,796
• Texas: 304,393

The CL0P ransomware group claimed responsibility for the attack, posting about the breach on the dark web on Nov. 20, 2025, prior to the university’s discovery. The attackers used a zero-day vulnerability in Oracle EBS, which is a critical enterprise resource planning system, to gain access and steal data. The types of information exposed include names, dates of birth, Social Security numbers and bank account and routing numbers.

University Of Phoenix disclosed the breach to investors and the SEC in its Dec. 2, 2025, Form 8-K filing. Beginning on Dec. 21, 2025, the company began notifying relevant authorities of the breach, including the Attorney Generals' offices in California, New Hampshire, Maine, Massachusetts, Oregon, Iowa, South Carolina, Washington and Texas. Impacted individuals began receiving written notifications starting Dec. 22, 2025.

University of Phoenix's response

Upon learning of the incident, University of Phoenix took steps to secure its systems and prevent further unauthorized access. Law enforcement, including the FBI, was notified and is actively involved in the ongoing investigation. To support those affected, the university is offering complimentary identity protection services through IDX to impacted individuals.

If you receive notification from University Of Phoenix about this breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by University Of Phoenix.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For affected individuals with questions, University Of Phoenix has set up a call center at 833-353-7866, Monday through Friday, 7 a.m. to 7 p.m. MT.