.png)
University of Phoenix Data Breach Affects 3.5 Million
On Nov. 21, 2025, University of Phoenix, a major provider of online higher education, discovered a significant data breach affecting millions of individuals. The breach was the result of a sophisticated ransomware attack carried out by the CL0P group, a well-known cybercriminal organization.
According to the official notice, the attackers exploited a previously unknown vulnerability in Oracle E-Business Suite (Oracle EBS) software. This allowed unauthorized access and exfiltration of sensitive data between Aug. 13 and Aug. 22, 2025. The scope of the breach is considerable, impacting a reported 3,489,274 people across the United States, including 9,131 Maine residents.
The CL0P ransomware group claimed responsibility for the attack, posting about the breach on the dark web on Nov. 20, 2025, prior to the university’s discovery. The attackers used a zero-day vulnerability in Oracle EBS, which is a critical enterprise resource planning system, to gain access and steal data. The types of information exposed include names, dates of birth, Social Security numbers and bank account and routing numbers.
The breach was reported to the California and Maine Attorney Generals' offices on Dec. 21, 2025, and affected individuals began receiving written notifications starting Dec. 22, 2025.
University of Phoenix's response
Upon learning of the incident, University of Phoenix took steps to secure its systems and prevent further unauthorized access. Law enforcement, including the FBI, was notified and is actively involved in the ongoing investigation. To support those affected, the university is offering complimentary identity protection services through IDX to impacted individuals.
If you receive notification from University Of Phoenix about this breach, you may want to:
- Sign up for the free IDX identity theft protection services, offered by University Of Phoenix.
- Monitor your credit reports and financial accounts for any unusual activity.
- Be alert for phishing emails or phone calls that may use your exposed information.
- Consider placing a fraud alert or credit freeze with major credit bureaus.
For affected individuals with questions, University Of Phoenix has set up a call center at 833-353-7866, Monday through Friday, 7 a.m. to 7 p.m. MT.
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
Subscribe to our weekly class actions newsletter.
.svg)