Find notable cyber news and cases, enriched with sources, timelines, and signals.

University of Phoenix hit by network compromise

Incident
First reported
Last updated
Happening score
H score 78
2 unique sources, 2 articles

Summary

Hide ▲

University of Phoenix disclosed a data breach after attackers accessed its Oracle E-Business Suite (EBS) financial application during August 13-22, 2025. The school said it detected the intrusion on November 21, 2025 after being named on Clop's data leak site, and it later disclosed the incident on December 2, 2025 with a filing by Phoenix Education Partners to the SEC. Notification letters confirmed 3,489,274 individuals were affected, including 9131 Maine residents, and the exposed data included names, contact information, dates of birth, Social Security numbers, and bank account and routing numbers. The incident is tied to a broader Clop campaign exploiting CVE-2025-61882 across more than 100 organizations, making it a significant education-sector breach with identity-theft and fraud risk.

Related Happenings

Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)

Security Patch Release
H score53 First: 29.06.2026 16:46 Last: 29.06.2026 16:46 Sources 1

About this happening: **Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...

Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)

Vulnerability
H score52 First: 29.06.2026 16:46 Last: 29.06.2026 16:46 Sources 1

About this happening: **Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...

Oracle PeopleSoft broad zero-day exploitation campaign

Exploitation Wave
H score82 First: 29.06.2026 13:00 Last: 29.06.2026 13:00 Sources 1

About this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...

Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)

Vulnerability
H score58 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...

Latest development: 29.06.2026 23:40

Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.

University of Nottingham hit by cyberattack

Incident
H score68 First: 11.06.2026 10:27 Last: 11.06.2026 10:27 Sources 1

About this happening: **ShinyHunters**/**UNC6240** exploited **CVE-2026-35273**, a **zero-day** in **Oracle PeopleSoft Enterprise PeopleTools**, between **May 27 and June 9** to breach enterprise syste...

Timeline

  1. 23.12.2025 18:00 1 articles · 6mo ago

    University of Phoenix confirms 3,489,274 affected in Oracle EBS breach

    Victim Impact Update

    Notification letters submitted to the Maine Attorney General’s Office and affected individuals on Monday confirmed that 3,489,274 individuals were affected, including 9131 Maine residents. The compromised data included names, contact information, dates of birth, Social Security numbers, and bank account and routing numbers, and University of Phoenix is offering 12 months of credit monitoring, identity theft recovery assistance, dark web monitoring, and a $1m fraud reimbursement policy.

    Show sources
  2. 03.12.2025 15:23 1 articles · 7mo ago

    University of Phoenix detects Oracle E-Business Suite breach on November 21, 2025

    Exploitation Observed

    The University of Phoenix detected unauthorized access to its Oracle E-Business Suite (EBS) financial application on November 21, 2025, after the extortion group added it to a data leak site. The compromise involved CVE-2025-61882 and exposed sensitive personal and financial information tied to numerous current and former students, employees, faculty and suppliers.

    Show sources
  3. 03.12.2025 15:23 2 articles · 7mo ago

    University of Phoenix discloses breach and files SEC notice on December 2, 2025

    Initial Disclosure

    The University of Phoenix disclosed the breach on its official website on December 2, 2025, and Phoenix Education Partners filed an 8-K with the U.S. Securities and Exchange Commission (SEC). The university said it would review impacted data, notify affected individuals and regulatory entities, and send US Mail letters outlining the incident and next steps.

    Show sources