- Cl0p exploited the Oracle E-Business Suite zero-day and stole data from the University of Phoenix
- Almost 3.5 million people are affected; stolen data includes SSNs, banking information and contact information
- The university offers identity protection, credit monitoring and 1 million USD fraud refund policy
The University of Phoenix has confirmed falling victim to Cl0p ransomware hackers and losing sensitive data on millions of people.
In late August 2025, notorious Russian ransomware actor Cl0p found a zero-day vulnerability in Oracle’s E-Business Suite, an integrated set of enterprise applications that organizations use to manage core business processes such as finance, HR, supply chain, manufacturing and procurement.
Cl0p used zero-day to target several high-profile organizations, including Harvard University and the University of the Witwatersrand, stealing their sensitive data and then threatening to release it on the dark web unless a ransom was paid.
Notifying the victims
In late November 2025, Cl0p added the University of Phoenix to its data breach site and claimed to have hit that organization as well. At the time, the university was not aware of any breach – but following Cl0p’s claims, an investigation was launched which confirmed the compromise.
We now know that almost 3.5 million people have had their sensitive data stolen, including full names, contact details, dates of birth, social security numbers and bank account and routing numbers. Former students, staff, faculty and suppliers are all affected.
“Clop has been on a rampage this year, targeting zero-day vulnerabilities in software used by large companies,” said Paul Bischoff, consumer protection advocate at product comparison site Comparitech. Silicon ANGLE via e-mail. “Specifically, it targets Oracle’s E-Business Suite and Cleo file transfer software. This attack on the University of Phoenix is most likely related to the former.”
To address the breach, the university notified all affected individuals and offered 12 months of free identity protection, credit monitoring and dark-web monitoring. It also created a $1 million refund policy for fraud.
Comparitech also told the publication that this is the biggest ransomware attack of 2025.
“According to our data, this is the fourth largest ransomware attack in the world this year (based on records affected),” said Rebecca Moody, head of data research at Comparitech. “It highlights the ongoing threat businesses face via ransomware and not just via attacks on their own systems.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
