The Clop ransomware group has compromised the data of approximately 3.5 million individuals associated with the University of Phoenix (UoPX), including students, faculty, and vendors following a breach of the university’s network in August.

Based in Phoenix, Arizona, UoPX is a private, for-profit institution established in 1976, currently serving over 100,000 students and employing nearly 3,000 academic staff.

In early December, the university announced the breach on its official website. Additionally, Phoenix Education Partners, the parent organization, submitted an 8-K filing with the U.S. Securities and Exchange Commission (SEC).

UoPX reported that it identified the breach on November 21, after Clop added the university’s information to its data leak site. Investigations revealed that the attackers took advantage of a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to extract sensitive personal and financial data from current and former students, staff, and suppliers.

“We suspect that unauthorized individuals accessed sensitive personal data, which included names, contact details, dates of birth, social security numbers, and banking information relating to many current and former students, employees, faculty, and suppliers,” the institution asserted.

Andrea Smiley, UoPX’s Vice President for Public Relations, mentioned to BleepingComputer that UoPX is “assessing the affected data and will inform impacted individuals and regulatory bodies as required.”

On Monday, the university revealed in notification letters submitted to the office of Maine’s Attorney General and mailed to victims, that the breach has impacted 3,489,274 individuals.

In response to the breach, UoPX is providing complimentary identity protection services, which feature a $1 million fraud reimbursement guarantee, 12 months of credit monitoring, identity theft recovery, and dark web surveillance.

While the university has not yet directly linked the breach to any specific actions, the available information indicates that this incident is part of a Clop extortion scheme, wherein the ransomware group has exploited a zero-day vulnerability (CVE-2025-61882) since early August 2025 to extract data from numerous victims utilizing Oracle EBS platforms.

Clop has targeted various U.S. universities in a similar sequence of data theft incidents, including Harvard University and the University of Pennsylvania, both of which have confirmed Oracle EBS breaches affecting students and staff.

Clop has been involved in multiple data theft operations in the past, targeting GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo, and, more recently, Gladinet CentreStack clients.

The U.S. Department of State currently offers a $10 million reward for details connecting the activities of this cybercrime group to a foreign government.

Since late October, several other U.S. universities have also experienced breaches in voice phishing attacks, with Harvard University, the University of Pennsylvania, and Princeton University disclosing that systems used for fundraising and alumni relations were breached to acquire personal data of donors, students, alumni, staff, and faculty.

An inadequate IAM system doesn’t merely pertain to IT—it affects your entire organization.

This insightful guide elaborates on why conventional IAM approaches fall short in meeting contemporary requirements, illustrating examples of effective IAM solutions, and providing a straightforward checklist for developing a scalable strategy.

Get the guide