- A cyberattack took advantage of a zero-day weakness in Oracle’s E-Business Suite to leak the data of about 3.5 million people.
- The Clop ransomware gang is behind the attack; they had broken into the systems months before anyone even noticed.
- Stolen data includes highly sensitive Social Security and bank account numbers, ranking this among 2025’s largest attacks.

The University of Phoenix just announced a major data breach affecting around 3.5 million people: current and former students, staff, and everyone else whose information was in the database.
A well-known hacker group was responsible. They got in through a serious security hole in widely used business software that had not yet been patched.
The Details of the Breach and Suspected Perpetrator
According to the report, the breach was a carefully planned operation, carried out stealthily and most likely over an extended period. The school’s investigation showed what happened.
The hackers first broke in back in August 2025 and moved quietly through the network for three months. They took advantage of a flaw in Oracle’s E-Business Suite.
This software handles critical financial and business information. No one noticed that a breach had occurred until November 21, and the discovery came with humiliation.
The university found out after the Clop ransomware group listed it on a dark web leak site. Clop is known for data extortion attacks, having previously breached major organizations like the security giant Entrust through the same Oracle zero-day. They steal sensitive information rather than just locking systems.
The group publicly claimed to be exploiting this specific Oracle flaw. “Given what is already known about the group… there is little doubt about the origins,” the report states.
The exploited vulnerability was no secret. The company publicly detailed it in early November. Reports showed Clop had been using it since at least September.
Executives at multiple companies had already received extortion emails. The warning signs were there. Yet the university still became a major victim.
The stolen data is a jackpot for criminals. It includes full names, contact details, and dates of birth. Most damaging are the Social Security numbers and bank account numbers.
A Major Attack Highlights Systemic Risks
The sheer size of this breach stuns experts. Rebecca Moody, who heads data research at Comparitech, put it simply. She said that this ransomware attack is the fourth biggest worldwide this year, considering how many records were hit.
It shows a harsh reality. The biggest threats often come through third-party software. These platforms form the backbone of large institutions. The University of Phoenix is now managing a monumental crisis. It has begun notifying millions via mailed letters.
The school is offering 12 months of free identity protection. This includes credit monitoring and dark-web surveillance. This plan also offers a $1 million fraud reimbursement policy.
Why did this happen? Attackers actively exploited the Oracle flaw for weeks. Other organizations were already under attack. This points to a severe security lapse.
Possible Mitigation Strategies
The report underscores urgent needs for all companies. Continuous software patching is non-negotiable. Robust network segmentation could have limited the damage.
Proactive threat hunting is also essential. Teams must search for adversaries, not wait for alerts. This is critical for complex systems like Oracle EBS.
Clop has specifically targeted this software all year. “Clop has been on a rampage this year,” said privacy advocate Paul Bischoff. They focus on zero-days in major enterprise platforms. Their exploitation of the Oracle E-Business Suite flaw has led to several major breaches, including a significant attack on the NHS’s health data.
The fallout for victims will last for years. Victims cannot easily change stolen Social Security and bank account numbers. A year of monitoring is just a first step.
This breach is a stark lesson in modern cybersecurity. It shows the devastating chain reaction a single software flaw can cause. Reliance on critical third-party systems brings immense risk.
It pays to take as many precautions as possible in these times. Keeping your software up to date is essential; otherwise you are setting yourself up for problems online. For 3.5 million people, that disaster is now a personal reality.