University of Phoenix Company CyberSecurity Posture

uof.ph
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

University of Phoenix has helped pioneer online education since launching online courses in 1989. Today, as one of the largest online universities in the world, we’re still innovating by reinventing the model of higher education for a changing world. The first step in our ongoing evolution is the launch of Career Services for Life™. We don’t stop at graduation. Because these days, you need more than an education. Whether you’re actively pursuing a degree with us or graduated long ago, you can count on University of Phoenix to be by your side throughout your entire career. To learn more about Career Services for Life®, visit phoenix.edu Follow UOPX on Medium: https://universityofphoenix.medium.com

University of Phoenix A.I CyberSecurity Scoring

UP

Company Details

Linkedin ID:

university-of-phoenix

Website:

https://uof.ph/resourcelinks

Employees number:

7,162

Number of followers:

1,104,540

NAICS:

6113

Industry Type:

Higher Education

Homepage:

uof.ph

IP Addresses:

Scan still pending

Company ID:

UNI_1245533

Scan Status:

In-progress

AI scoreUP Risk Score (AI oriented)

Between 750 and 799

https://images.rankiteo.com/companyimages/university-of-phoenix.jpeg
UP Higher Education
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreUP Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/university-of-phoenix.jpeg
UP Higher Education
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

University of Phoenix

Fair
Current Score
770
Baa (Fair)
01000
1 incidents
-38.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
770
NOVEMBER 2025
807
Cyber Attack
21 Nov 2025 • Princeton University, Oracle Corporation and Phoenix Education Partners: University of Phoenix data breach impacts nearly 3.5 million individuals
Clop Ransomware Gang Steals Data of 3.5 Million University of Phoenix Students and Staff

**Clop Ransomware Gang Steals Data of 3.5 Million from University of Phoenix** The Clop ransomware gang has stolen the personal and financial data of nearly **3.5 million** individuals—including current and former students, staff, and suppliers—after breaching the **University of Phoenix (UoPX)** network in **August 2025**. The attack was part of a broader extortion campaign exploiting a **zero-day vulnerability (CVE-2025-61882)** in **Oracle E-Business Suite (EBS)**, a financial application used by the university. UoPX, a private for-profit institution based in **Phoenix, Arizona**, detected the breach on **November 21** after Clop listed the university on its data leak site. The stolen data includes **names, contact details, dates of birth, Social Security numbers, and bank account information**. In early December, the university publicly disclosed the incident and filed an **8-K report with the U.S. Securities and Exchange Commission (SEC)**. On **Monday**, UoPX confirmed in notification letters filed with **Maine’s Attorney General** that **3,489,274 individuals** were affected. The university is offering **free identity protection services**, including credit monitoring, dark web surveillance, and a **$1 million fraud reimbursement policy**. While UoPX has not officially attributed the attack, the tactics align with Clop’s recent campaign targeting **Oracle EBS vulnerabilities**. Other U.S. universities, including **Harvard and the University of Pennsylvania**, have also reported similar breaches linked to the same exploit. Clop has a history of high-profile data theft operations, previously targeting **GoAnywhere MFT, Accellion FTA, MOVEit Transfer, Cleo, and Gladinet CentreStack**. The U.S. Department of State has offered a **$10 million reward** for information connecting the gang’s activities to a foreign government. In a separate wave of attacks since **late October**, multiple universities—including **Harvard, Princeton, and the University of Pennsylvania**—have also fallen victim to **voice phishing (vishing) attacks**, compromising systems tied to development and alumni activities.

769
critical -38
PRIORAUNI1766419165
Incident Details -
Type
Data Breach, Ransomware
Attack Vector
Exploitation of zero-day vulnerability (CVE-2025-61882)
Vulnerability Exploited
CVE-2025-61882 (Oracle E-Business Suite)
Motivation
Extortion, Data Theft
Impact
Data Compromised: 3,489,274 records Systems Affected: Oracle E-Business Suite (EBS) financial application Brand Reputation Impact: Yes Legal Liabilities: Potential regulatory fines and legal actions Identity Theft Risk: Yes Payment Information Risk: Yes
Response
Communication Strategy: Public disclosure on official website, SEC filing, notification letters to affected individuals
Data Breach
Personal Information Financial Information Number Of Records Exposed: 3,489,274 Sensitivity Of Data: High (Social Security numbers, bank account and routing numbers, dates of birth, contact information) Data Exfiltration: Yes Personally Identifiable Information: Yes
Regulatory Compliance
Potential violations of data protection laws (e.g., FERPA, GDPR if applicable) Regulatory Notifications: Filed with Maine's Attorney General, SEC filing
Investigation Status
Ongoing
Customer Advisories
Free identity protection services offered (credit monitoring, identity theft recovery, dark web monitoring, $1 million fraud reimbursement policy)
Stakeholder Advisories
Notification letters mailed to affected individuals, public disclosure on website
Initial Access Broker
Entry Point: Oracle E-Business Suite (EBS) zero-day vulnerability (CVE-2025-61882)
Post Incident Analysis
Root Causes: Exploitation of zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882)
References
Blog URL Source URL
OCTOBER 2025
807
SEPTEMBER 2025
807
AUGUST 2025
807
JULY 2025
807
JUNE 2025
807
MAY 2025
807
APRIL 2025
807
MARCH 2025
807
FEBRUARY 2025
807
JANUARY 2025
807

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for University of Phoenix is 770, which corresponds to a Fair rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 807.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 807.

Over the past 12 months, the average per-incident point impact on University of Phoenix’s A.I Rankiteo Cyber Score has been -38.0 points.

You can access University of Phoenix’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/university-of-phoenix.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view University of Phoenix’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/university-of-phoenix.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.