University of Phoenix data breach class action lawsuit overview:
- Who: Tiaa Pointer filed a class action lawsuit against the University of Phoenix, its parent company Phoenix Education Partners and Oracle Corporation.
- Why: Pointer claims the defendants failed to properly safeguard the personally identifiable information of 3.5 million students during a data breach last year.
- Where: The class action lawsuit was filed in Texas federal court.
A new class action lawsuit alleges The University of Phoenix and Oracle Corporation failed to properly safeguard the personally identifiable information (PII) of 3.5 million students during an August 2025 data breach.
Plaintiff Tiaa Pointer claims the University of Phoenix and Oracle “failed to implement and maintain reasonable security measures” to protect students’ PII during the data breach.
Pointer argues an unauthorized third party exploited a vulnerability in Oracle’s E-Business Suite software in order to gain access to Oracle’s network systems and acquire files containing the PII of Oracle’s clients’ customers.
“Defendants owed a duty to Plaintiff and Class members to implement and maintain reasonable and adequate security measures to secure, protect, and safeguard their PII against unauthorized access and disclosure,” the University of Phoenix class action says.
Pointer wants to represent a nationwide class and Illinois subclass of individuals whose PII was accessed in the University of Phoenix data breach by unauthorized persons, including all who were sent a notice of the data breach.
University of Phoenix failed to notify students in timely manner, class action says
Pointer argues the University of Phoenix and Oracle failed to notify students that their PII had been accessed and acquired by unauthorized persons until one month after the data breach.
“Defendants’ failure to promptly notify Plaintiff and Class members that their PII was disclosed, accessed, and stolen virtually ensured that the unauthorized third parties who exploited those security lapses could monetize, misuse, or disseminate that PII before Plaintiff and Class members could take affirmative steps to protect their sensitive information,” the University of Phoenix class action says.
Pointer claims the University of Phoenix and Oracle are guilty of negligence, breach of implied contract and unjust enrichment, and of violating the Illinois Consumer Fraud and Deceptive Business Practices Act.
The plaintiff demands a jury trial and requests declaratory and injunctive relief and an award of actual, statutory and punitive damages for herself and all class members.
In other ongoing data breach lawsuits, a consumer has accused Under Armour failed to properly safeguard and secure sensitive customer data during a November 2025 data breach.
Were you affected by the University of Phoenix data breach? Let us know in the comments.
The plaintiff is represented by Bruce W. Steckler of Steckler Wayne & Love PLLC and Ben Barnow and Anthony L. Parkhill of Barnow and Associates, P.C.
The University of Phoenix data breach class action lawsuit is Pointer, et al. v. The University of Phoenix, Inc., et al., Case No. 1:26-cv-00009, in the U.S. District Court for the Western District of Texas.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
