Page last updated on December 2, 2025
Phoenix Education Partners, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2025-12-02 16:23:08 EST.
Company Summary
The University of Phoenix is a private for-profit university offering open-enrollment accredited degree programs.
Incident Details
Material: No
Is Breach: Yes
Records Compromised: Unknown
Data Types Impacted: Other, Bank account number, Social Security Number, Date of Birth, Phone Number, Email, Name
Compromised Date: 2025-07-31
Detected Date: 2025-11-21
Disclosure Date: 2025-12-02
Contained Date: Unknown
Recovered Date: Unknown
Attack Goal: Unknown
Attack Tactics1: TA0001, TA0010
Attack Techniques1: OTHER, T1213
Costs: Not Tracked (yet)
- Incident response (Indirect): Not Tracked (yet)
- Forensics (Indirect): Not Tracked (yet)
- Legal (Indirect): Not Tracked (yet)
- Regulatory fines (Indirect): Not Tracked (yet)
- Business interruption (Indirect): Not Tracked (yet)
- Non-itemized costs (Indirect): Not Tracked (yet)
Filings
8-K filed on 2025-12-02
Phoenix Education Partners, Inc. filed an 8-K at 2025-12-02 16:23:08 EST
Accession Number: 0000950142-25-003098
Item 8.01 Other Events.
The University of Phoenix, Inc., a subsidiary of Phoenix Education Partners, Inc. (including the University, the "Company"), recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform ("Oracle EBS"). The Company is one of a number of organizations, including other academic institutions, from which an unauthorized third-party exfiltrated data by exploiting a previously unknown software vulnerability in Oracle EBS. The incident did not impact the business operations or student programming of the Company.
Upon detecting the incident on November 21, 2025, the Company promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. While the investigation remains ongoing, at this time, the Company believes that the software vulnerability was used in August 2025 to copy certain data maintained in the Company's Oracle EBS environment. The Company promptly installed Oracle EBS software patches to remediate the vulnerability following their release in October 2025. The Company believes that certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers, with respect to numerous individuals was accessed without authorization. To the Company's knowledge, the unauthorized third-party has not publicly disseminated the data. The Company is continuing to review the impacted data and will provide the required notifications to affected parties and applicable regulatory entities.
As of the date of this filing, the Company believes that the incident will not have a material adverse effect on its business operations or student programming. The Company continues to investigate the incident and will incur expenses in the fiscal year directly and indirectly related to the event. The Company maintains a comprehensive cybersecurity insurance policy, which covers costs associated with the incident response, investigatory and remediation expense, potential regulatory action, business interruption, and costs associated with investigating, defending, and resolving legal proceedings related to the incident, subject to deductibles, exclusions and limits.
Company Information
| Name | Phoenix Education Partners, Inc. |
| CIK | 0001600222 |
| SIC Description | Services-Educational Services |
| Ticker | PXED - NYSE |
| Website | |
| Category | Emerging growth company |
| Fiscal Year End | August 30 |