University of Oxford Reports Data Breach in CareerConnect Platform The University of Oxford has disclosed a data breach affecting its CareerConnect platform, a third-party service managed by Group GTI. The incident, detected on May 28, exposed users' first names, last names, email addresses, and encrypted passwords for those not using Single Sign-On (SSO). Passwords set locally on the platform have since been invalidated, requiring affected users to reset them. According to Group GTI, the breach appears to have been carried out to harvest credentials for phishing campaigns, though no evidence suggests that course details, uploaded files, appointment records, or financial data were accessed. This marks the second breach involving Oxford this year, following a May attack on Instructure’s Canvas learning management system by the ShinyHunters extortion gang, which compromised usernames, email addresses, messages, and course information. Oxford has confirmed that its internal systems remained secure in both incidents. Users of the CareerConnect platform have been advised to remain cautious of phishing or scam attempts leveraging the exposed data. The university continues to investigate the breach in coordination with Group GTI.

Oxford University Discloses Data Breach via Third-Party Career Platform The University of Oxford revealed a data breach last week after its third-party career services provider, Group GTI, reported that its CareerConnect platform had been compromised. The incident exposed personal data of students, alumni, research staff, and employer users across multiple UK universities, including Oxford, King’s College London, and the University of Manchester. The breach occurred on May 28, when attackers accessed users’ first and last names, email addresses, and encrypted passwords though only for those who logged in directly through CareerConnect rather than via Single Sign-On (SSO). Group GTI invalidated the affected passwords, requiring users to reset them upon next login. Oxford’s assessment indicated the attack was likely aimed at credential harvesting, potentially enabling future phishing campaigns. The university confirmed that no course details, financial data, or uploaded files were compromised, and its internal systems remained unaffected. A university spokesperson told BleepingComputer that the incident did not involve ransomware, and no attribution or claims of responsibility have been reported. This marks Oxford’s second data breach in 2025. In early May, the ShinyHunters extortion group breached Instructure’s Canvas learning management system, which Oxford uses. The hackers claimed to have stolen 280 million records from over 8,800 educational institutions globally. Instructure later confirmed the data was returned after negotiations, with logs verifying its destruction. Oxford stated that the exposed data included usernames, Canvas email addresses, user messages, course names, and enrollment details, but its own systems were not breached.