- CL0P used Oracle E-Business Suite on Day 0 to steal data from the University of Phoenix.
- About 3.5 million people were affected. Stolen data included social security numbers, banking information and contact information.
- We offer privacy protection, credit monitoring, and a $1 million refund policy.
The University of Phoenix has confirmed that it was hit by CL0P ransomware hackers, resulting in the loss of millions of sensitive data.
In late August 2025, notorious Russian ransomware attacker CL0P discovered a zero-day vulnerability in Oracle E-Business Suite, a suite of integrated enterprise applications that organizations use to manage core business processes, including finance, human resources, supply chain, manufacturing, and purchasing.
CL0P used zero-day attacks to target several high-profile organizations, including Harvard University and the University of the Witwatersrand, stealing sensitive data and threatening to publish it on the dark web unless a ransom was paid.
inform the victim
In late November 2025, CL0P added the University of Phoenix to its data breach website and said the organization had also been attacked. Although the university was unaware of the violation at the time, an investigation was launched following CL0P’s allegations and the violation was confirmed.
It is currently known that sensitive data of approximately 3.5 million people has been stolen, including names, contact information, dates of birth, Social Security numbers, bank account numbers, and routing numbers. Alumni, staff, faculty and vendors were affected.
“Krupp made a splash this year by eliminating zero-day vulnerabilities in software used by large companies,” said Paul Bischoff, consumer privacy attorney at product comparison site Comparitech. silicone corner by email. “Specifically, Oracle E-Business Suite and Clio file transfer software were targeted. This attack on the University of Phoenix is possibly related to the first.”
To address this breach, the University notified all affected individuals and provided free privacy, credit monitoring, and darknet monitoring for 12 months. We have also implemented a $1 million fraud indemnity policy.
Comparitech also told the publication that this is the biggest ransomware attack of 2025.
“According to our data, this is the fourth largest ransomware attack in the world this year (in terms of those affected on record),” said Rebecca Moody, head of data research at Comparitech. “This highlights how companies face threats not only through attacks on their systems, but also through ransomware.”
