· News · 1 min read
University of Phoenix: 3.5 Million Records via Oracle Zero-Day
The University of Phoenix just disclosed a breach affecting 3.5 million people — students, faculty, staff, and suppliers. Attackers exploited CVE-2025-61882, a zero-day in Oracle E-Business Suite, to steal the kind of data that ruins lives.
What Was Stolen
- Full names and contact details
- Dates of birth
- Social Security numbers
- Bank account and routing numbers
This isn’t just PII. This is everything needed for identity theft and financial fraud.
The Timeline
- August 2025: Attack and data theft occurred
- November 21, 2025: University finally detected the intrusion
- January 3, 2026: Notification letters sent
Three months of dwell time. The attackers were in and out before anyone knew.
The Pattern
This breach follows the Clop ransomware gang’s playbook: steal data quietly, don’t encrypt anything, disappear before detection. By the time you notice, it’s already for sale.
Financial systems like Oracle E-Business Suite hold the most sensitive data in any organization. If you’re not continuously monitoring what data lives in these systems, you’re flying blind.
Find out where your sensitive data lives with Risk Finder | Try Free Scanner