What You Need to Know about the University of Phoenix Data Breach
- Published: Dec 24, 2025
- Last Updated: Dec 24, 2025
The University of Phoenix was founded in 1976 and is headquartered in Phoenix, Arizona, as a private, for-profit university designed for working adults and non-traditional students balancing family, career, and education. Accredited by the Higher Learning Commission, the institution later became one of the first online universities, offering personal support, career guidance, and flexible learning opportunities through over 100 programs.
As with many education and public-sector organizations, the university is considered data-rich, making it a prime target for hackers. The school recently became one of the many victims of the Oracle E-Business Suite (EBS) hack. This incident is allegedly attributed to the Clop ransomware group and reportedly affected nearly 3.5 million individuals, including university employees, suppliers, current and former students, and faculty.
According to a publication on the school’s website, the unauthorized third party exploited a previously unknown software vulnerability in Oracle E-Business Suite (EBS) to steal certain data from the institution’s Oracle EBS environment. Upon detecting the breach, the university conducted an investigation that revealed what was compromised. Compromised data includes names, Social Security numbers, contact information, dates of birth, and bank account and routing numbers.
The university is currently reviewing the impacted data and has started notifying relevant regulatory entities and the affected individuals. While the cybercriminals suspected to have exfiltrated the institution’s data in this breach have made public hundreds of gigabytes of files allegedly stolen from other victims’ systems, no University of Phoenix data appears to have been leaked.
When Was the University of Phoenix Data Breach?
The threat actors in the recent data breach that compromised the University of Phoenix’s systems had more than three months of potential dwell time within the institution’s system environment. While the compromise occurred between August 13 and 22, 2025, the university did not detect the unauthorized access until November 21, 2025, after Clop listed it on its data leak site.
Once detected, the institution quickly took steps to investigate the incident and respond with the help of some third-party cybersecurity firms. The university also installed Oracle EBS software patches to immediately remediate the vulnerability. While the University of Phoenix has yet to pin the cyber incident on a specific cybercriminal group, many believe the Clop ransomware group is responsible for the attack. Clop is widely known for large-scale data-extortion attacks, often targeting zero-day flaws in enterprise software.
How to Check If Your Data Was Breached
Breach-check websites, such as Have I Been Pwned, allow you to check whether your data has been compromised in a data incident. You can search any of these sites with your email address or any other available parameter to find out if your information was exposed in the recent University of Phoenix data breach.
While the university has informed regulators, including the Maine Attorney General, about the incident, it is also currently mailing data breach notification letters to those affected. If you receive this letter, then the breach may have affected your personal information. You should also keep checking the university’s Media Center page online for updates on the incident. If you are a current or former University of Phoenix employee or student, keep an eye on your mailbox at this time, as data breach notification letters are typically sent by mail.
You can also check your bank and credit card statements to find out if the incident compromised your data. Unusual charges or transactions you don’t recognize on any of your statements are strong indications that your information may have been exposed. Increased phishing attempts can also mean that your data has been breached.
What to Do If Your Data Was Breached
If you were affected by the data breach, it is important to explore your options. Continue to review your account statements and credit reports regularly and promptly notify law enforcement when you notice any suspicious activity. Additionally, be sure to report it to your financial institution immediately.
The University of Phoenix is offering those impacted by the breach incident 12 months of free identity protection services through IDX. These services include 12 months of dark web monitoring, credit monitoring, fully managed identity theft recovery services, and a $1 million identity fraud loss reimbursement policy. Be sure to enroll in these services on or before March 22, 2026.
You may also consider putting a security freeze on your credit file if your data was breached in the University of Phoenix data incident. This helps prevent unauthorized individuals from opening new credit in your name without the PIN issued to you when you initiate the freeze.
Additionally, you can contact any of the major credit reporting agencies to place a fraud alert on your credit report. A fraud alert is designed to inform creditors of fraudulent activity within your report. It requires creditors to contact you before establishing any accounts in your name, which helps prevent identity theft.
Are There Any Lawsuits Because of the Data Breach?
Two former students of the institution, Denis Rico and Mari Soliz, have sued the University of Phoenix for negligence following its announcement of the recent data breach. The proposed class action is filed in the U.S. District Court for the District of Arizona. Several law firms are also currently investigating the breach on behalf of individuals whose data may have been compromised and may be filing class action lawsuits against the institution.
Can My University of Phoenix Information Be Used for Identity Theft?
Yes. Data held by the University of Phoenix includes names, dates of birth, contact information, and Social Security numbers, which can be used for identity theft. If compromised, cybercriminals can use pieces of information such as these to commit financial fraud, the most common form of identity theft. They can open accounts in your name without authorization, open credit cards, and take out loans in your name without your knowledge.
Furthermore, a criminal may use your Social Security number to file a fraudulent tax return in your name and steal your refund. Your exposed information could also be used to secure a job or file for unemployment benefits, which may later affect your work history and social security benefits. Additionally, during an arrest, a criminal may give your name and other confidential information leaked in the University of Phoenix data breach to law enforcement. This automatically creates a false criminal record in your name.
What Can You Do to Protect Yourself Online?
Data breaches are becoming a part of modern life, but being affected by one can be unsettling. Whether you get a notice that your personal information was exposed in the University of Phoenix data incident or not, it is essential to know what to do to protect your personal information online from cyberattacks.
The following are common tips to protect yourself online and mitigate the damage caused by a data breach:
- Stay abreast of trending data breaches by regularly checking updates on IDStrong.com, especially if any organization holding your information in its database experiences data incidents. This site provides updates on breaches, helping you respond appropriately as soon as updates are available.
- Monitor your financial accounts (credit cards, savings accounts, loans, and checking accounts) and online accounts regularly for suspicious activity. Enrolling in an identity protection service can help proactively monitor your financial accounts.
- Avoid sharing personal and financial information with unsolicited callers or through emails that appear to be from legitimate organizations requesting confidential data.
- Keep your internet devices, including mobile phones and computers, up to date with the latest version of browsers, operating systems, and security software.
- Enable multi-factor authentication (MFA) for your financial accounts and online accounts where possible. MFA enhances security by prompting you to access your accounts with at least two forms of identification, such as biometrics, security questions, or a one-time passcode (OTP) sent via email or SMS.
- Check your credit report and look closely for signs of identity theft.
- Avoid using public Wi-Fi, but if you must, never share any confidential data over a public network. Additionally, it is best to protect your home network with a strong password to prevent unauthorized access.
- Regularly change your passwords, especially for accounts that hold confidential information. When doing this, be sure to use a strong password, typically a mix of numbers, letters (lower and upper cases), and special characters. Additionally, change your passwords immediately if you believe your data has been exposed in a data breach.
- If you suspect someone is using your personal information for malicious purposes, report it to law enforcement immediately.