The University of Phoenix has reported a data breach that occurred due to a vulnerability in its Oracle eBusiness Suite software. Discovered on November 21, 2025, the breach exposed sensitive personal information of students, employees, faculty, and suppliers. The University is offering identity protection services to impacted individuals. Here’s what you need to know about the breach and your next steps.
The University of Phoenix’s Data Breach Investigation
On November 21, 2025, the University of Phoenix identified unusual activity linked to a vulnerability in its Oracle eBusiness Suite (EBS) software, which is used for managing administrative processes, including financial data. An investigation revealed that an unauthorized third party had exploited this software vulnerability, gaining access to personal information stored within the university’s EBS environment.
The breach was part of a larger cyberattack that targeted multiple organizations, including other academic institutions such as Dartmouth College. Upon detecting the breach, the University of Phoenix took immediate action, working with third-party cybersecurity firms to investigate the extent of the attack. The vulnerability was patched as soon as Oracle released the necessary updates in October 2025.
While the University continues to review the impacted data, it has confirmed that names, Social Security numbers, dates of birth, contact information, and bank account details of students, employees, faculty, and suppliers were exposed during the breach.
When Did This Breach Occur?
The breach occurred as early as October 2025, with the vulnerability being exploited between the time Oracle released the software patches and the discovery of the breach on November 21, 2025. The breach was officially reported on December 2, 2025, by Phoenix Education Partners, Inc., the University’s parent company, in a Form 8-K filing with the Securities and Exchange Commission (SEC).
What Information Was Breached?
The data exposed in the breach included the following types of personal information:
As of now, the University of Phoenix has found no evidence that this information has been misused, but it is still essential for those affected to remain vigilant and take protective measures.
What You Can Do
If you were affected by the University of Phoenix data breach, here are steps you should take to protect your information:
-
Enroll in the Complimentary Identity Protection Services: The University of Phoenix is offering affected individuals complimentary services through IDX, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud reimbursement policy.
-
Monitor Your Credit: Regularly check your credit reports for any unauthorized changes or signs of identity theft.
-
Review Financial Statements: Keep an eye on your bank and credit card statements for suspicious activity.
-
Stay Alert for Phishing Attempts: Be cautious of unsolicited emails or phone calls asking for personal information.
Enrollment instructions for the identity protection services will be included in the notification letters sent to affected individuals.
File a Data Breach Lawsuit Against University of Phoenix
If your personal information was exposed in this breach, you may be eligible to join a class action lawsuit against the University of Phoenix. Joining the lawsuit could entitle you to compensation for damages, including identity theft, financial loss, or emotional distress caused by the breach.
Class Action U can help connect you with experienced attorneys who specialize in data breach lawsuits. If you received a notification letter or suspect your information was involved in the breach, you may have legal grounds to take action.
Contact Class Action U today for a free consultation to see if you qualify to join the class action lawsuit
