The University of Phoenix experienced a significant data breach affecting approximately 3.5 million individuals. The breach was linked to a campaign targeting Oracle’s E-Business Suite (EBS) and is believed to have occurred between August 13 and 22, 2025. The university became aware of the incident on November 21, shortly after the cybercriminals publicly named it as a victim. Compromised data includes names, dates of birth, Social Security numbers, and bank account information, although the university stated that this data was accessed without any means of exploitation. The University of Phoenix isn't alone in this incident. Other institutions such as the University of Pennsylvania, Harvard University, and Dartmouth College have also confirmed they were attacked in the same campaign. While data from several of these universities has allegedly been leaked, the University of Phoenix has not yet reported any stolen data being made public. This breach reflects a broader trend of cybercriminals targeting educational institutions, raising concerns about the security of personal information held by universities. The situation underscores the ongoing risks associated with higher education data management and cyber threats.