One of the largest online universities in the United States, the University of Phoenix, has suffered a personal information leak following a hacking attack, once again raising concerns about cybersecurity vulnerabilities. The intrusion was carried out by the Russian hacker group 'Clop' using a zero-day vulnerability in Oracle's Enterprise Resource Planning solution (EBS), and affected a total of 3.5 million victims.

The incident officially came to light in mid-November after Clop publicly disclosed the university's name on a dark web leak site. However, investigations revealed that the actual intrusion had occurred as early as August, and that the school detected it only much later. The hackers penetrated the internal network through undisclosed security vulnerabilities in Oracle's EBS and subsequently expanded their access to sensitive personal information and financial records.

Clop is a multinational cybercrime group that specializes in exploiting "zero-day" vulnerabilities in enterprise software to steal data, leak it in unencrypted form, and extort victims. This year alone, it has attacked dozens of large enterprises and public institutions. The recent incident at the University of Phoenix is also in line with Clop's customary Oracle EBS attack methods. Privacy expert Paul Bischoff from the comparison website Comparitech pointed out: "Clop is indiscriminately targeting zero-day vulnerabilities in enterprise software this year," and "this incident similarly stems from a sustained infiltration attempt on the EBS system."

The leaked information includes names, contact information, dates of birth, Social Security numbers, bank account and routing numbers, and other financial and identity data, posing a high risk of secondary damage. Although the University of Phoenix has not formally identified Clop as responsible, existing evidence points to the organization as the mastermind behind the intrusion.

The university is currently notifying victims by email and has promised a year of free identity protection services, credit monitoring, dark web monitoring, and fraud compensation of up to $1 million (approximately 1.44 billion Korean won). Although these remedial measures have been initiated, critics point out that without systematic security reinforcement, it remains difficult to prevent a recurrence of the incident.

This incident is the fourth-largest hacking attack since 2025, confirming that the risk of ransomware is no longer limited to system paralysis but has expanded into the realm of personal information leakage. According to statistics, it ranks fourth globally this year in terms of damage scale, a warning that educational institutions and enterprises urgently need to strengthen security checks and post-incident response for third-party solutions.

Security experts emphasize that this intrusion is not merely a hacking attack, but a precise infiltration that relied on structural vulnerabilities in enterprises' core systems. It calls for re-planning overall defense strategies, including real-time patch application, isolation of legacy systems, and stronger threat hunting.