The University of Phoenix discovered a data breach on November 21 involving its Oracle E-Business Suite software platform (“Oracle EBS”). An unauthorized threat actor exploited a previously unknown software vulnerability in Oracle EBS to exfiltrate data within the University’s Oracle EBS environment. After the released patch was installed and an investigation was conducted, compromised data included names and contact information, dates of birth, Social Security numbers, and bank account and routing numbers for current and former students, employees, faculty, and suppliers. The University of Phoenix will provide notifications to impacted individuals and regulatory entities. It is recommended for affected individuals review the  Compromised PII and Identity Theft NJCCIC Informational Report.