Read the original SEC filing excerpt
Item 8.01 Other Events. The University of Phoenix, Inc., a subsidiary of Phoenix Education Partners, Inc. (including the University, the Company), recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform (Oracle EBS). The Company is one of a number of organizations, including other academic institutions, from which an unauthorized third-party exfiltrated data by exploiting a previously unknown software vulnerability in Oracle EBS. The incident did not impact the business operations or student programming of the Company. Upon detecting the incident on November 21, 2025, the Company promptly took steps to investigate and respond with the assistance of leading third-party cybersecurity firms. While the investigation remains ongoing, at this time, the Company believes that the software vulnerability was used in August 2025 to copy certain data maintained in the Company's Oracle EBS environment. The Company promptly installed Oracle EBS software patches to remediate the vulnerability following their release in October 2025. The Company believes that certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers, with respect to numerous individuals was accessed without authorization. To the Company's knowledge, the unauthorized third-party has not publicly disseminated the data. The Company is continuing to review the impacted data and will provide the required notifications to affected parties and applicable regulatory entities. As of the date of this filing, the Company believes that the incident will not have a material adverse effect on its business operations or student programming. The Company continues to investigate the incident and will incur expenses in the fiscal year directly and indirectly related to the event. The Company maintains a comprehensive cybersecurity insurance policy, which covers costs associated with the incident response, investigatory and remediation expense, potential regulatory action, business interruption, and costs associated with investigating, defending, and resolving legal proceedings related to the incident, subject to deductibles, exclusions and limits.