A large-scale cyber incident has once again put the higher education sector under pressure, with millions of personal records now at risk.
The University of Phoenix has confirmed that a cyberattack has compromised data linked to about 3.49 million individuals. Those affected include students, alumni, faculty, staff and select external partners.
The intrusion is believed to have started in August. The university became aware of the breach on November 21 after its name appeared on a public data leak site. The incident was officially disclosed in December through regulatory filings. Cybersecurity experts say this could rank among the largest data breaches in the higher education sector in recent years.
Initial findings suggest that attackers gained access by exploiting a zero day vulnerability in the Oracle E Business Suite. This system is widely used for financial operations and the storage of sensitive records. Researchers noted that the attack shows similarities to previous campaigns linked to the Clop ransomware group. However, instead of encrypting systems, the attackers appear to have focused on large scale data theft.
The vulnerability is being tracked as CVE 2025 61882 and is believed to have been actively exploited since early August.
Databases that may have been accessed include full names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers. Experts warn that exposure of such information increases the risk of identity theft, financial fraud and highly targeted phishing attacks.
In response, the University of Phoenix has announced support measures for affected individuals. These include 12 months of credit monitoring, identity theft recovery assistance, dark web monitoring, and fraud reimbursement coverage of up to about ₹8.3 crore. Access to these services requires a unique redemption code provided in notification letters.
Analysts believe the breach could be part of a broader cyber campaign. The Clop group has previously exploited vulnerabilities in platforms such as GoAnywhere, Accellion FTA and MOVEit. Several leading universities, including Harvard and the University of Pennsylvania, have also reviewed Oracle related security incidents. The U.S. State Department has offered rewards of up to about ₹83 crore for information connected to Clop linked activities.
Experts note that universities remain attractive targets because they store student records, financial aid details, payroll data and alumni information in central systems. A single breach can create long term exposure across multiple groups.
Affected individuals are advised to review official notifications carefully, enroll in identity protection services, monitor financial statements, consider a credit freeze, remain cautious of related calls or emails, and keep all devices and software updated.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
