The University of Phoenix has disclosed a massive data breach impacting more than 3.4 million individuals, including the exposure of Social Security numbers, following a cyberattack linked to the Cl0p ransomware group. The incident stemmed from a zero-day vulnerability in Oracle E-Business Suite.
According to official filings, attackers gained unauthorized access to the university’s Oracle E-Business Suite (EBS) environment between August 13 and August 22, 2025. The compromised platform was used to manage core business processes, including sensitive personal data.
Breach notification documents submitted to the Maine Attorney General’s Office confirm that 3,489,274 individuals were affected. The exposed data includes names and Social Security numbers (SSNs), significantly increasing the risk of identity theft and financial fraud.
University officials stated that the breach is part of a broader Cl0p hacking campaign targeting organizations using Oracle EBS. The campaign reportedly began in early July 2025 and continues to identify new victims on a near-weekly basis.
The Cl0p ransomware gang, active since at least 2020, is notorious for high-profile extortion campaigns exploiting enterprise software, including MOVEit, GoAnywhere, and Cleo. In this case, attackers leveraged a previously unknown Oracle EBS zero-day vulnerability, enabling large-scale data exfiltration without deploying encryption payloads.
University of Phoenix said it engaged external cybersecurity experts, implemented additional security measures, and is offering affected individuals 12 months of credit monitoring, identity theft protection, and recovery services.
The University of Phoenix breach highlights the systemic risk posed by zero-day vulnerabilities in widely deployed enterprise platforms. A single flaw in business-critical software like Oracle E-Business Suite can rapidly escalate into a multi-million-record data exposure, affecting institutions far beyond the initial target.
