By Sergiu Gatlan
Publication Date: 2025-12-03 13:23:00
The University of Phoenix (UoPX) has joined a growing list of US universities caught in a Clop data theft campaign in August 2025 that targeted vulnerable Oracle E-Business Suite instances.
UoPX was founded in 1976 and is headquartered in Phoenix, Arizona. UoPX is a private, for-profit university with nearly 3,000 academic staff and over 100,000 enrolled students.
The university disclosed the data protection breach on its official website on Tuesday, while its parent company, Phoenix Education Partners, filed a lawsuit 8-K shape with the US Securities and Exchange Commission (SEC).
UoPX said it discovered the incident on November 21 (after the extortion group added it to its data leak page) and found that the attackers exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to steal a variety of sensitive personal and financial information from students, employees and suppliers.
“We assume that the unauthorized third party has received certain personal data…”