University of Phoenix breach tied to Clop campaign exploiting Oracle E-Business Suite CVE-2025-61882



The University of Phoenix in Phoenix, Arizona, disclosed on its official website a data breach linked to a Clop ransomware gang extortion campaign that targeted Oracle E-Business Suite instances in August 2025.

The incident was detected on November 21, after the extortion group added the breach to its data leak site.

Scope and method

Attackers exploited a zero-day vulnerability in the Oracle E-Business Suite financial application to steal a wide range of personal and financial information belonging to students, staff, and suppliers.

The accessed data includes names and contact information, dates of birth, Social Security numbers, and bank account and routing numbers for numerous current and former students, employees, faculty, and suppliers.

University response

The university said an unauthorized third party accessed the information and that it will review the impacted data and provide the required notifications to affected individuals and regulatory entities. Affected individuals will receive a letter via US Mail outlining the details of the incident and next steps.

Campaign context

The breach is part of a Clop ransomware gang extortion campaign that has exploited the CVE-2025-61882 zero-day flaw to steal sensitive documents from Oracle EBS platforms since early August 2025.

Clop has also targeted Harvard University and the University of Pennsylvania, which confirmed Oracle EBS breaches affecting their students and staff.

Broader impact

The extortion group compromised Oracle EBS instances of dozens of companies worldwide and leaked the stolen data on its dark web site, including victims such as GlobalLogic, Logitech, The Washington Post, and Envoy Air, a subsidiary of American Airlines.

Background on Clop’s activities

Clop has previously conducted data theft campaigns targeting GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer, the latter affecting more than 2,770 organizations.

Other university incidents

Since late October, several U.S. universities have reported voice phishing attacks. Harvard University, the University of Pennsylvania, and Princeton University disclosed breaches of systems used for development and alumni activities, aimed at stealing the personal information of donors, staff, students, alumni, and faculty.

Posted on: Dec. 4, 2025, 1:46 p.m. | By: Christopher