University of Phoenix discloses data breach after Oracle hack – BleepingComputer
North Korea lures engineers to rent identities in fake IT worker scheme
Fake Calendly invites spoof top brands to hijack ad manager accounts
University of Pennsylvania confirms new data breach after Oracle hack
Google fixes two Android zero days exploited in attacks, 107 flaws
University of Phoenix discloses data breach after Oracle hack
Score 65% off a Microsoft Surface with impressive performance
Korea arrests suspects selling intimate videos from hacked IP cameras
FTC settlement requires Illuminate to delete unnecessary student data
How to access the Dark Web using the Tor Browser
How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11
How to use the Windows Registry Editor
How to backup and restore the Windows Registry
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
eLearning
IT Certification Courses
Gear + Gadgets
Security
Best VPNs
How to change IP address
Access the dark web safely
Best VPN for YouTube
The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025.
Founded in 1976 and headquartered in Phoenix, Arizona, UoPX is a private for-profit university with nearly 3,000 academic staff and over 100,000 enrolled students.
The university disclosed the data breach on its official website on Tuesday, while its parent company, Phoenix Education Partners, filed an 8-K form with the U.S. Securities and Exchange Commission (SEC).
UoPX said it detected the incident on November 21 (after the extortion group added it to its data leak site) and noted that the attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to steal a wide range of sensitive personal and financial information belonging to students, staff, and suppliers.
“We believe that the unauthorized third-party obtained certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers with respect to numerous current and former students, employees, faculty and suppliers was accessed without authorization,” the school said.
“We continue to review the impacted data and will provide the required notifications to affected individuals and regulatory entities. Affected individuals will soon receive a letter via US Mail outlining the details of the incident and next steps to take.”
A spokesperson for the University of Phoenix didn’t respond when BleepingComputer reached out today to request more details about the breach, including the identity of the attackers and the total number of individuals affected.
Although the UoPX has yet to attribute the incident to a specific cybercrime group, based on the details shared so far, the breach is part of a Clop ransomware gang extortion campaign in which the gang has exploited a zero-day flaw (CVE-2025-61882) to steal sensitive documents from many victims’ Oracle EBS platforms since early August 2025.
As part of the same series of data theft attacks, Clop has also targeted other universities in the United States, including Harvard University and the University of Pennsylvania, which have also confirmed Oracle EBS breaches impacting their students and staff.
The extortion group also compromised the Oracle EBS instances of dozens of companies worldwide, including GlobalLogic, Logitech, The Washington Post, and the American Airlines subsidiary Envoy Air, and leaked the stolen data on its dark web site.
In the past, Clop was also behind data theft campaigns targeting GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer customers, the latter affecting more than 2,770 organizations.
Since late October, the systems of several U.S. universities have also been breached in a series of voice phishing attacks, with Harvard University, University of Pennsylvania, and Princeton University disclosing that the attackers breached systems used for development and alumni activities to steal the personal information of donors, staff, students, alumni, and faculty.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.
University of Pennsylvania confirms new data breach after Oracle hack
Dartmouth College confirms data breach after Clop extortion attack
Harvard investigating breach linked to Oracle zero-day exploit
Logitech confirms data breach after Clop extortion attack
Washington Post data breach impacts nearly 10K employees, contractors
Not a member yet? Register Now
ChatGPT is down worldwide, conversations disappeared for users
Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic
Glassworm malware returns in third wave of malicious VS Code packages
AI is a data-breach time bomb: Read the new report
Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!
Terms of Use – Privacy Policy – Ethics Statement – Affiliate Disclosure
Copyright @ 2003 – 2025 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.
source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
