The University of Phoenix confirmed this week that personal information for roughly 3.5 million people was taken in a cyber intrusion that investigators say occurred in mid-August 2025.
Security reporting ties the theft to exploitation of a zero-day vulnerability in Oracle E-Business Suite, and some outlets link the leak to the Clop criminal group.
According to investigators, the data was exfiltrated between August 13 and August 22, 2025; the university detected the incident in late November and began notifying affected people in December.
The university’s notices and reporting say the exposed records include names, dates of birth, Social Security numbers, contact information and, for some individuals, bank account and routing numbers.
The exact fields vary by person; the mailed letters the university is sending spell out what was exposed for each recipient.
University officials say they have engaged outside cybersecurity firms and law enforcement, and they have begun mailing notification letters to people affected.
The institution is offering one year of identity-protection and credit-monitoring services to those notified and has signaled it will cooperate with authorities.
The breach has already prompted legal interest: several law firms and class-action trackers have opened investigations and are soliciting potential plaintiffs who say they were affected.
The university and outside investigators have described the technical cause as the exploitation of an Oracle E-Business Suite flaw; reporting links the incident and subsequent posting of stolen data to known patterns used by the Clop group.
The university’s notification letters remain the primary source for individuals to confirm whether and exactly what information was exposed to them.
Discover more from Aree Blog
Subscribe now to keep reading and get access to the full archive.
