The University of Phoenix has suffered a significant data breach, affecting 3.5 million individuals, due to a zero-day vulnerability in Oracle’s enterprise software exploited by the Clop ransomware group. The breach, which occurred between August 13 and 22, 2025, went undetected until November 21, when the university was compelled to investigate after Clop listed the institution on its dark web leak site. The compromised information includes names, contact details, birth dates, Social Security numbers, and bank account details, impacting students, employees, faculty, and suppliers. Researchers have linked the attack to Clop, a group believed to have Russian ties, which has targeted the same Oracle E-Business Suite flaw in a broader campaign affecting over 100 organizations. This incident is among the largest ransomware attacks globally in 2025 and a major event in the education sector. Clop’s tactics involve data extortion rather than traditional encryption, threatening to leak stolen information unless a ransom is paid. This breach is part of a wider trend of targeting U.S. universities through vulnerabilities in enterprise software, with other institutions like Harvard, the University of Pennsylvania, and Dartmouth College also affected this year.
Has the Clop ransomware group breached 3.5 million records at the University of Phoenix?
