University of Phoenix data breach may have hit over 3.5 million victims - here's what we know

1. Pro
2. Security

University of Phoenix data breach may have hit over 3.5 million victims - here's what we know News By Sead Fadilpašić published 23 December 2025

Cl0p claims another victim

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Share Share by:

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google

• Cl0p exploited Oracle E‑Business Suite zero‑day, stealing data from University of Phoenix
• Nearly 3.5 million people affected; stolen data includes SSNs, bank details, and contact info
• University offers identity protection, credit monitoring, and $1M fraud reimbursement policy

The University of Phoenix has confirmed falling prey to Cl0p ransomware hackers and losing sensitive data on millions of people.

In late August 2025, the infamous Russian ransomware actor Cl0p found a zero-day vulnerability in Oracle’s E-Business Suite, an integrated set of enterprise applications that organizations use to manage core business processes such as finance, HR, supply chain, manufacturing, and procurement.

Cl0p used the zero-day to target numerous high-profile organizations, including Harvard University, and the University of the Witwatersrand, stealing their sensitive data and then threatening to release it on the dark web unless a ransom is paid.

You may like

• Google researchers say Oracle EBR hackers have hit dozens of organizations
• Cox Enterprises hit by Oracle data breach - but it won't name who carried out the attack
• The Washington Post confirms it suffered an Oracle-linked data breach

Notifying the victims

In late November 2025, Cl0p added the University of Phoenix to its data leak website, claiming to have hit this organization as well. At the time, the University was not aware of any breaches - however, after Cl0p’s claims, an investigation was launched which confirmed the compromise.

Now, we know that almost 3.5 million people have had their sensitive data stolen, including full names, contact details, dates of birth, Social Security numbers and bank account and routing numbers. Former students, employees, faculty and suppliers, are all affected.

“Clop has been on a rampage this year, targeting zero-day vulnerabilities in software used by large enterprises,” Paul Bischoff, consumer privacy advocate at product comparison site Comparitech, told SiliconANGLE via email. “Specifically, it targets Oracle’s E-Business Suite and the Cleo file transfer software. This attack on the University of Phoenix is most likely related to the former.”

To tackle the breach, the University notified all affected individuals, and offered 12 months of free identity protection, credit monitoring, and dark-web surveillance. It also set up a $1 million fraud reimbursement policy.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Comparitech also told the publication that this is the biggest ransomware attack of 2025.

“According to our data, this is the fourth-largest ransomware attack in the world this year (based on records affected),” Rebecca Moody, head of data research at Comparitech said. “It highlights the ongoing threat that companies face via ransomware and not just via attacks on their own systems.”

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Show More Comments

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Google researchers say Oracle EBR hackers have hit dozens of organizations    Cox Enterprises hit by Oracle data breach - but it won't name who carried out the attack    The Washington Post confirms it suffered an Oracle-linked data breach    Patient and staff data impacted by Cl0p ransomware attack on Barts Health NHS    Oracle forced to rush out patch for zero-day exploited in attacks    Ransomware hackers claim Oracle app breach, tell victims their data has been stolen    Latest in Security Nissan says Red Hat breach affected thousands of customers    Phishing emails and fake adverts flood inboxes this Christmas - and they’re getting harder to detect than ever    Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack    NordProtect adds fraud monitoring tool to help protect users from scams    Ransomware attack on Romanian water agency hits over a thousand systems    OpenAI says it's had to protect its Atlas AI browser against some serious security threats    Latest in News Marvel Rivals studio teases a big year ahead for the game — 'We're not going to slow down'    DDR5 RAM kit from Corsair was reportedly swapped for dummy RGB modules    Dyson Spot+Scrub Ai robot vacuum first impressions: redemption?    Surfshark expands dedicated IP to Linux in its latest desktop update    ‘It’s good to have limitations’: Clair Obscur: Expedition 33's creative director says Sandfall Interactive's next game won’t on a bigger scale despite huge success    iOS 26.3 adds AirPods features to third-party earbuds — but just in the EU    LATEST ARTICLES

1. 1Santa tracker 2025 live – where is Santa right now and how to track him with NORAD and Google
2. 2Remote desktop software isn't just for work - DeskIn wants to help boost your gaming experience with a tool that's more at home in an office
3. 3$300 Intel B50 video card emerges as a surprisingly capable Pro GPU — but Nvidia's older Ada generation emerges as a bit of a bargain
4. 4Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack
5. 5I've been testing this Eufy robovac for two weeks, and it has some of the best mopping I've seen