The University of Phoenix (UoPX) has been breached in a growing list of US universities targeted by the Clop ransomware gang. The university disclosed the data breach on its official website and says it detected the incident on November 21, after an extortion group added it to its data leak site.
A zero-day vulnerability was exploited to steal sensitive personal and financial information from students, staff, and suppliers, including names, contact info, dates of birth, social security numbers, and bank account details. The university is reviewing the impacted data and will provide notifications to affected individuals and regulatory entities.
This breach is part of a larger campaign targeting Oracle E-Business Suite instances in the US, with other universities such as Harvard University and the University of Pennsylvania also confirming breaches. Clop has exploited this vulnerability since early August 2025 and has targeted numerous organizations worldwide.
The incident highlights the ongoing threat of cyberattacks on higher education institutions. As more universities are breached, it’s essential for individuals to be vigilant about their personal data security.
Note: I removed some extraneous text and focused on the main points of the article to simplify the content while maintaining key information.
Source: https://www.bleepingcomputer.com/news/security/university-of-phoenix-discloses-data-breach-after-oracle-hack