University of Phoenix Data Breach Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the University of Phoenix, Inc. data breach.

If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.

About University of Phoenix

University of Phoenix is a private, for-profit university based in Phoenix, Arizona. Founded in 1976, the university is known for its large online education programs that cater primarily to working adults seeking flexible higher education options. It is currently owned by Phoenix Education Partners and has previously been under the ownership of Apollo Education Group.

The university offers a wide range of degree programs, including certificates, associate’s, bachelor’s, master’s and doctoral degrees, with a focus on fields such as business, education, health, social sciences and information systems.

What Happened?

In November 2025, University of Phoenix discovered a major data breach that may have affected millions of current and former students and staff. On Nov. 21, 2025, the university learned that a vulnerability in Oracle E-Business Suite software had been exploited by an unauthorized third party, later identified as the CL0P ransomware group.

This cyberattack occurred between Aug. 13 and Aug. 22, 2025, and resulted in the exfiltration of sensitive data. So far, the cybersecurity incident has impacted at least 3,489,274 people in the United States, including 9,131 residents in Maine, 23,769 in Massachusetts and 304,393 in Texas.

Possible Information Exposed

• Names
• Dates of birth
• Social Security numbers
• Bank account numbers
• Bank routing numbers

Beginning on Dec. 21, 2025, the breach was reported to the Attorney Generals' offices in California, Maine, Massachusetts and Texas. University of Phoenix began notifying affected individuals by written notice on Dec. 22, 2025.

Your Rights and Next Steps

If you received a data breach notification from University Of Phoenix, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.

• Identity theft protection services: Sign up for the free IDX identity theft protection services offered by University Of Phoenix.
• Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
• Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
• Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.

You May Be Entitled to Compensation

If you were affected by the University of Phoenix data breach, you may be eligible for compensation, which could include reimbursement for out-of-pocket expenses, time spent addressing the breach, or payment for emotional distress.

Lawyers are ready to help you take the next steps. To find out if you qualify and to join a lawsuit, complete the form below.

Sources

• Maine Attorney General
• California Attorney General
• Texas Attorney General
• Massachusetts Attorney General