Oxford University careers platform hit by third-party data breach


The University of Oxford said its CareerConnect careers platform, managed by third-party provider Group GTI, was compromised in a security breach.

In a notice shared by Oxford University’s Careers Service, the institution said that cybercriminals accessed users’ first names, last names, and e-mail addresses. They were also able to access encrypted passwords for those who do not sign in using Single Sign-On (SSO).

This means that users who sign in with SSO had only their names and e-mail addresses compromised in the breach.

Oxford did not specify how many CareerConnect users were affected, but said that “alumni, research staff and employer users” would be required to reset their passwords when they next sign in.

The University added that there is no evidence that course information, uploaded files, appointment information, or financial information was affected. GTI said that the breach appeared to be aimed at harvesting credentials, potentially for future phishing attacks.

GTI has since patched the vulnerability and implemented additional security measures, according to Oxford.

The University reiterated that the incident relates to a third-party system, adding that there is no evidence of a compromise to its own systems.

“The main precaution at this stage is to remain alert to phishing or scam emails and to ensure devices used for work or study are appropriately protected,” the notice says.

Affected users will be contacted in case there is any further action necessary, but for now, Oxford said that the CareerConnect platform “has now been secured” and that there is “no immediate action needed”.

Users are advised to stay alert to any suspicious emails or messages, verify requests for personal or financial information, and remember that the University will never ask for a password by email or message.

The breach is unrelated to the security incident involving Canvas earlier this month, when Oxford temporarily disabled access to its Canvas platform after a global breach affected its service provider, Instructure. The company confirmed that the affected data includes names, email addresses, student ID numbers, and user messages.
