A significant cybersecurity incident involving the University of Phoenix has compromised the personal information of 64,161 South Carolina residents. The breach, which stems from a vulnerability in the university’s software systems, has exposed sensitive data including names and Social Security numbers.
Nationally, the breach has reportedly affected approximately 3.5 million individuals, including current and former students, faculty, employees, and suppliers.
What Happened?
The University of Phoenix discovered the incident on November 21, 2025. Following an investigation with third-party cybersecurity firms, the university determined that an unauthorized third party exploited a previously unknown vulnerability in the Oracle E-Business Suite (Oracle EBS).
The unauthorized access occurred earlier in the year, between August 13 and August 22, 2025. During this ten-day window, the attackers were able to exfiltrate data from the university’s systems before the vulnerability was detected.
Impact on South Carolinians
While the university has begun mailing notification letters to affected individuals, the scope of the breach is substantial in the Palmetto State, affecting over 64,000 residents. The compromised information potentially includes:
-
Full Names
-
Social Security Numbers
-
Other Personal Identifiers potentially associated with university records.
The university noted that individuals might be affected even if they do not recall a direct recent relationship with the institution, as the data could belong to former applicants, suppliers, or long-past students.
University Response and Consumer Safety
In response to the breach, the University of Phoenix has notified law enforcement and implemented measures to enhance security to prevent future incidents.
To support those affected, the university is offering complimentary identity protection services through IDX. These services include:
-
Credit and Dark Web Monitoring
-
$1 Million Identity Fraud Loss Reimbursement Policy
-
Fully Managed Identity Theft Recovery Services
The deadline to enroll in these complimentary services is March 22, 2026.
Steps to Protect Your Data
Residents who receive a notification letter or believe they may be affected are urged to take immediate protective steps:
-
Enroll in Protection Services: Visit https://response.idx.us/uphoenix/ or call 1-833-353-7866 to enroll using the code provided in the letter.
-
Monitor Accounts: Vigilantly review account statements and credit reports for suspicious activity.
-
Consider a Security Freeze: Residents have the right to place a security freeze on their credit files at no cost, which prevents new credit from being opened in their name without a PIN.
-
Place a Fraud Alert: A free initial fraud alert can be placed on credit reports, requiring creditors to contact you before establishing new accounts.
For further assistance, affected individuals can contact the dedicated call center at 1-833-353-7866, Monday through Friday from 7:00 a.m. to 7:00 p.m. Mountain Time.
Feeling lost in the digital world? Dr. Tom is here to help!
Join Dr. Tom every week in his column, Dr. Tom’s Cyber Bits and Tips, for byte-sized advice on all things cyber and tech. Whether you’re concerned about online safety, curious about the latest cybercrime trends, or simply want to navigate the ever-evolving digital landscape, Dr. Tom has you covered.
From practical cybersecurity tips to insightful breakdowns of current threats, Dr. Tom’s column empowers you to stay informed and protect yourself online. So, dive in and get savvy with the web – with Dr. Tom as your guide!
Sign up for our Sunday Spectator. Delivered to your inbox every Sunday, with all the news from the week.
