Overview
- Regulatory letters filed with Maine’s attorney general and mailed to victims confirm 3,489,274 people were impacted, with names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers exposed.
- Investigators say the intrusion occurred between August 13 and 22 and was detected on November 21 after the university was listed on Clop’s leak site, and no University of Phoenix data has appeared publicly to date.
- The breach targeted Oracle E‑Business Suite via CVE‑2025‑61882 in a wider campaign associated by security researchers with Clop, though the university has not formally attributed the attack.
- Affected individuals are being offered 12 months of credit monitoring, identity theft recovery, dark web monitoring, and a $1 million fraud reimbursement policy.
- Other universities using Oracle EBS, including Harvard, the University of Pennsylvania, and Dartmouth, have reported related breaches, and the U.S. State Department has posted a $10 million reward linked to the gang’s activities.