University of Phoenix Breach: Education System Still Not Safe

University of Phoenix Data Breach: What Happened and What You Can Do

What Happened

Last updated: December 2025

Overview

The University of Phoenix disclosed a cybersecurity incident that impacted a large number of individuals, including current and former students, employees, faculty, and suppliers. In notification filings, the total number of affected people was reported as approximately 3.49 million.

According to the university and its parent company’s public disclosures, an unauthorized third party accessed data by exploiting a previously unknown software vulnerability in Oracle E-Business Suite (Oracle EBS), a platform used for business operations.

Important context: This incident is part of a broader wave of attacks targeting Oracle EBS environments, and other universities have also reported related breaches.

How it happened

Public filings indicate the attackers exploited a previously unknown vulnerability affecting Oracle EBS. The company reported that the activity occurred in August 2025 and was detected on November 21, 2025.

In a sample breach notification letter filed with regulators, the university stated the unauthorized activity occurred between August 13 and August 22, 2025, when a threat actor extracted certain data from the university’s Oracle EBS environment. The organization also stated it brought in third-party cybersecurity firms to support investigation and response.

The company reported that, once patches became available, it installed the Oracle EBS updates released in October 2025 to remediate the issue.

Risks

The risk for individuals depends on what specific information was included in the data that was accessed. Public disclosures describe the types of information that may have been involved as:

Names and contact information, dates of birth, Social Security numbers, and bank account and routing numbers.

If Social Security numbers or banking details are involved, the biggest concerns are identity theft and fraud. Even when no money is taken immediately, exposed personal details can be used later for scams, account takeovers, or convincing impersonation attempts.

Another practical risk is phishing: after a breach like this becomes public, people often receive fake “support” emails or calls that pretend to be the university, a credit monitoring provider, or a bank.

Recommendations

If you received a notice (or think you may be impacted), these steps are a sensible baseline:

Use the offered identity protection service. The notification letter describes complimentary identity protection services (including credit monitoring and identity recovery support) and provides enrollment instructions and an enrollment deadline.

Watch for fraud signs. Keep an eye on bank transactions, credit card statements, and any unexpected mail about new accounts. If something looks off, contact the institution using a trusted phone number (not one from a suspicious email).

Consider a fraud alert or credit freeze. A fraud alert can make it harder for criminals to open new credit in you