- Cl0p exploited Oracle E-Business Suite zero-day and stole data from the University of Phoenix
- Almost 3.5 million people affected; The stolen data includes social security numbers, banking details and contact information.
- The university offers identity protection, credit monitoring and a $1 million fraud refund policy
The University of Phoenix has confirmed that it fell victim to Cl0p ransomware hackers and lost confidential data of millions of people.
In late August 2025, infamous Russian ransomware actor Cl0p found a zero-day vulnerability in Oracle’s E-Business Suite, an integrated set of business applications that organizations use to manage core business processes such as finance, human resources, supply chain, manufacturing, and procurement.
Cl0p used zero-day to attack numerous high-profile organizations, including Harvard University and the University of the Witwatersrand, stealing their sensitive data and then threatening to publish it on the dark web unless a ransom was paid.
Notify victims
In late November 2025, Cl0p added the University of Phoenix to its data breach website, claiming to have affected this organization as well. At the time, the University was not aware of any violations; However, after Cl0p’s claims, an investigation was launched that confirmed the compromise.
We now know that nearly 3.5 million people have had their sensitive data stolen, including full names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers. All alumni, employees, faculty and vendors are affected.
“Clop has wreaked havoc this year, targeting zero-day vulnerabilities in software used by large companies,” said Paul Bischoff, consumer privacy advocate at product comparison site Comparitech. SiliconANGLE via email. “Specifically, it targets Oracle’s E-Business Suite and Cleo file transfer software. This attack on the University of Phoenix is likely related to the first.”
To address the breach, the University notified all affected individuals and offered 12 free months of identity protection, credit monitoring, and dark web surveillance. It also established a $1 million fraud refund policy.
Comparitech also told the publication that this is the largest ransomware attack of 2025.
“According to our data, this is the fourth largest ransomware attack in the world this year (based on affected records),” said Rebecca Moody, head of data research at Comparitech. “It highlights the constant threat that companies face through ransomware and not just through attacks on their own systems.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
