
University of Phoenix Data Breach: 3.5 Million Affected by Cl0p Ransomware Campaign Exploiting Oracle EBS Zero-Day Vulnerabilities
In December 2025, the University of Phoenix confirmed a significant data breach affecting 3.5 million individuals. The breach was part of a larger campaign attributed to the Cl0p ransomware group, likely conducted by the FIN11 cluster. The attack exploited zero-day vulnerabilities in Oracle E-Business Suite (EBS) software, allowing the threat actors to exfiltrate data between August 13 and August 22, 2025.
The compromised data includes highly sensitive personally identifiable information (PII) such as names, dates of birth, Social Security numbers, and bank details. This type of data is particularly valuable to cybercriminals and can be used for identity theft, financial fraud, and other malicious activities.
The exploitation of zero-day vulnerabilities in Oracle EBS highlights the critical importance of timely patch management and the challenges organizations face in protecting against unknown vulnerabilities. Because the attack took place over a period of days, the attackers appear to have had persistent access to the system, which allowed them to exfiltrate a significant amount of data. The incident underscores the growing threat posed by ransomware groups and their ability to exploit zero-day vulnerabilities. More than 100 organizations were affected by this campaign, which indicates a widespread and coordinated effort by the threat actors. The breach at the University of Phoenix is a significant event that will likely have long-term consequences for those affected.
From a cybersecurity perspective, this incident serves as a reminder of the importance of defense-in-depth strategies. Organizations should not rely solely on patch management but should also implement network segmentation, intrusion detection systems, and regular security audits.
Additionally, the attribution to FIN11, a group known for its sophisticated tactics, techniques, and procedures (TTPs), suggests that organizations need to be vigilant against advanced persistent threats (APTs). Organizations using Oracle EBS should prioritize patch management and consider implementing additional security controls to mitigate the risk of similar attacks. Regular vulnerability scans and penetration testing can help identify and address potential weaknesses before they can be exploited by threat actors. Furthermore, organizations should have a robust incident response plan in place to quickly and effectively respond to data breaches.