- Cl0p exploited Oracle E‑Business Suite zero‑day, stealing data from University of Phoenix
- Nearly 3.5 million people affected; stolen data includes SSNs, bank details, and contact info
- University offers identity protection, credit monitoring, and $1M fraud reimbursement policy
The University of Phoenix has confirmed falling prey to Cl0p ransomware hackers and losing sensitive data on millions of people.
In late August 2025, the infamous Russian ransomware actor Cl0p found a zero-day vulnerability in Oracle’s E-Business Suite, an integrated set of enterprise applications that organizations use to manage core business processes such as finance, HR, supply chain, manufacturing, and procurement.
Cl0p used the zero-day to target numerous high-profile organizations, including Harvard University, and the University of the Witwatersrand, stealing their sensitive data and then threatening to release it on the dark web unless a ransom is paid.
Notifying the victims
In late November 2025, Cl0p added the University of Phoenix to its data leak website, claiming to have hit this organization as well. At the time, the University was not aware of any breaches - however, after Cl0p’s claims, an investigation was launched which confirmed the compromise.
Now, we know that almost 3.5 million people have had their sensitive data stolen, including full names, contact details, dates of birth, Social Security numbers and bank account and routing numbers. Former students, employees, faculty and suppliers, are all affected.
“Clop has been on a rampage this year, targeting zero-day vulnerabilities in software used by large enterprises,” Paul Bischoff, consumer privacy advocate at product comparison site Comparitech, told SiliconANGLE via email. “Specifically, it targets Oracle’s E-Business Suite and the Cleo file transfer software. This attack on the University of Phoenix is most likely related to the former.”
To tackle the breach, the University notified all affected individuals, and offered 12 months of free identity protection, credit monitoring, and dark-web surveillance. It also set up a $1 million fraud reimbursement policy.
Comparitech also told the publication that this is the biggest ransomware attack of 2025.
“According to our data, this is the fourth-largest ransomware attack in the world this year (based on records affected),” Rebecca Moody, head of data research at Comparitech said. “It highlights the ongoing threat that companies face via ransomware and not just via attacks on their own systems.”
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.