University of Phoenix’s Russian Cyber Breach: Another Symptom of a System in Decline

[Editor's note: The Higher Education Inquirer has been tracking cybercrime and FAFSA fraud in higher education. In August, we covered ghost students at a number of schools. It's notable that the University of Phoenix identified the Russian cybersecurity breach the day after its parent company's Earnings Call.]

The University of Phoenix has disclosed a major Russian cyber breach that again raises serious questions about governance, infrastructure, and public accountability at one of the most scrutinized institutions in American higher education. According to the institution, the intrusion began in August 2025, when attackers exploited a zero-day vulnerability in Oracle’s E-Business Suite, the enterprise financial system the university uses to manage sensitive operational and personal data.

The breach went undetected for months. By the time University of Phoenix identified the incident on November 21, 2025, the attackers had already siphoned personal and financial information belonging to students, faculty, staff, and suppliers. The university has confirmed that the attack is part of an extortion campaign associated with the Clop ransomware gang, known for targeting large organizations running legacy Oracle and MOVEit systems.

While the university has emphasized that it is still “reviewing the impacted data,” what that means in practice is that thousands of people now face an extended period of uncertainty, waiting to learn what information—Social Security numbers, banking records, home addresses, transcripts, or vendor payment details—may now be circulating beyond the institution’s control. Because the compromised Oracle EBS platform sits at the center of finance, payroll, procurement, and accounts receivable, the range of possible exposure is significant.

The breach intersects with a larger pattern. University of Phoenix has long branded itself as a technologically adept institution serving working adults, yet this incident lays bare the vulnerabilities created by years of cost-cutting, outsourcing, and reliance on aging software. This model—common across the for-profit sector—treats cybersecurity as a compliance box rather than a core operational priority. When institutions depend on brittle infrastructure while managing large volumes of sensitive data, the result is predictable: preventable failures that impose real harm on people with little recourse.

Higher education, especially the for-profit sector, has chronically underinvested in secure, modernized systems even as it continues to collect data from some of the country’s most economically vulnerable students. The University of Phoenix breach underscores this contradiction. An institution with a long record of federal investigations, poor student outcomes, and aggressive recruiting now faces yet another crisis of trust—one that cannot be brushed aside with templated notifications or promises of future improvements.

Whether this breach becomes a catalyst for reform is uncertain. Much depends on how transparent the university chooses to be, whether it fully informs regulatory agencies, and whether affected individuals receive more than form letters and a year of credit monitoring. If prior incidents across the sector are any indication, meaningful accountability may once again be elusive.

But the stakes remain high. Breaches of this scale do not simply reflect technical flaws; they reflect policy choices. The people who pay the price are not executives or investors but students, staff, faculty, and contractors whose data is now at risk—individuals who entrusted the university with information essential to their livelihoods.

Sources
University of Phoenix public disclosure, November 2025
Oracle E-Business Suite vulnerability reporting
Clop ransomware gang activity reports
Higher education cybersecurity incident archives

The Rise of Ghost Students: AI-Fueled Fraud in Higher Education

Colleges across the United States are facing an alarming increase in "ghost students"—fraudulent applicants who infiltrate online enrollment systems, collect financial aid, and vanish before delivering any academic engagement. The problem, fueled by advances in artificial intelligence and weaknesses in identity verification processes, is undermining trust, misdirecting resources, and placing real students at risk.

What Is a Ghost Student?

A ghost student is not simply someone who drops out. These are fully fabricated identities—sometimes based on stolen personal information, sometimes entirely synthetic—created to fraudulently enroll in colleges. Fraudsters use AI tools to generate admissions essays, forge transcripts, and even produce deepfake images and videos for identity verification.

Once enrolled, ghost students typically sign up for online courses, complete minimal coursework to stay active long enough to qualify for financial aid, and then disappear once funds are disbursed.

Scope and Impact

The scale of the problem is significant and growing:

• California community colleges flagged approximately 460,000 suspicious applications in a single year—nearly 20% of the total—resulting in more than $11 million in fraudulent aid disbursements.

• The College of Southern Nevada reported losing $7.4 million to ghost student fraud in one semester.

• At Century College in Minnesota, instructors discovered that roughly 15% of students in a single course were fake enrollees.

• California's overall community college system reported over $13 million in financial aid losses in a single year due to such schemes—a 74% increase from the previous year.

The consequences extend beyond financial loss. Course seats are blocked from legitimate students. Faculty spend hours identifying and reporting ghost students. Institutional data becomes unreliable. Most importantly, public trust in higher education systems is eroded.

Why Now?

Several developments have enabled this rise in fraud:

1. The shift to online learning during the pandemic decreased opportunities for in-person identity verification.

2. AI tools—such as large language models, AI voice generators, and synthetic video platforms—allow fraudsters to create highly convincing fake identities at scale.

3. Open-access policies at many institutions, particularly community colleges, allow applications to be submitted with minimal verification.

4. Budget cuts and staff shortages have left many colleges without the resources to identify and remove fake students in a timely manner.

How Institutions Are Responding

Colleges and universities are implementing multiple strategies to fight back:

Identity Verification Tools
Some institutions now require government-issued IDs matched with biometric verification—such as real-time selfies with liveness detection—to confirm applicants' identities.

Faculty-Led Screening
Instructors are being encouraged to require early student engagement via Zoom, video introductions, or synchronous activities to confirm that enrolled students are real individuals.

Policy and Federal Support
The U.S. Department of Education will soon require live ID verification for flagged FAFSA applicants. Some states, such as California, are considering application fees or more robust identity checks at the enrollment stage.

AI-Driven Pattern Detection
Tools like LightLeap.AI and ID.me are helping institutions track unusual behaviors such as duplicate IP addresses, linguistic patterns, and inconsistent documentation to detect fraud attempts.

Recommendations for HEIs

To mitigate the risk of ghost student infiltration, higher education institutions should:

• Implement digital identity verification systems before enrollment or aid disbursement.

• Train faculty and staff to recognize and report suspicious activity early in the semester.

• Deploy AI tools to detect patterns in application and login data.

• Foster collaboration across institutions to share data on emerging fraud trends.

• Communicate transparently with students about new verification procedures and the reasons behind them.

Why It Matters

Ghost student fraud is more than a financial threat—it is a systemic risk to educational access, operational efficiency, and institutional credibility. With AI-enabled fraud growing in sophistication, higher education must act decisively to safeguard the integrity of enrollment, instruction, and student support systems.

---

Sources

• CrossHackers: https://www.crosshackers.com/fake-enrollments

• SF Chronicle: https://www.sfchronicle.com/bayarea/article/community-college-financial-aid-fraud-20325192.php

• SFGate: https://www.sfgate.com/bayarea/article/ghost-students-creating-problem-calif-colleges-20311708.php

• Eye on Yavapai College: https://www.eyeonyavapaicollege.com/administration/fraudsters-attacking-colleges-using-ghost-online-enrollment-schemes

• Star Tribune: https://www.startribune.com/ghost-students-the-new-enrollment-fraud-scheme-minnesota-two-year-colleges-are-fighting/601329524

• Campus Reform: https://www.campusreform.org/article/ghost-students-invading-campuses-scamming-millions-of-dollars-away-and-blocking-out-real-undergrads/28295

• University Business: https://universitybusiness.com/what-can-institutions-do-about-the-rise-of-ghost-students

• JD Supra: https://www.jdsupra.com/legalnews/steps-colleges-should-take-to-bust-3949980

• Get VerifiNow: https://www.getverifinow.com/the-ghost-student-problem

• Intellicheck: https://www.intellicheck.com/resource-library/the-rise-in-ghost-students-how-fraudsters-use-fake-identities