Blab Tech
Oxford University CareerConnect Platform Breach Exposes Student and Alumni Data
Oxford University announced on 4 June 2026 that its CareerConnect platform, supplied by Group GTI, was the target of a cyber‑attack that exposed users’ full names and email addresses. The breach also revealed encrypted passwords for users who do not authenticate through the university’s single‑sign‑on (SSO) system.
CareerConnect is part of Oxford’s career services department and is used by students, alumni, research staff and recruiters to find work opportunities. The platform is built on GTI’s TargetConnect technology, which the company markets to other universities in the United Kingdom and abroad.
According to the university, the attack was enabled by a security vulnerability that has since been fixed. GTI has not publicly disclosed the nature of the vulnerability, the number of individuals affected, or whether any data was actually stolen. The company also did not confirm which categories of users were impacted.
Oxford’s statement said that alumni, research staff and employer users had their passwords forcibly reset following the incident. The university added that there is no evidence that course information, uploaded files, appointment details or financial data were involved. It also noted that the breach was focused on gathering credentials that could be used for phishing attempts.
Students were not listed among the affected users, but the university warned that names and email addresses might have been compromised. Oxford emphasized that the incident was entirely separate from the May 28 breach that hit Instructure’s Canvas learning management system.
The Canvas breach, which involved up to 275 million users across roughly 9,000 educational institutions, led Instructure to pay a ransom to the criminal group ShinyHunters to prevent the data from being released online. Oxford’s CareerConnect incident, by contrast, appears to have been limited to identity and authentication data.
The incident raises concerns about phishing and credential‑replay attacks. The university has advised affected users to monitor their accounts for suspicious activity and to change passwords where possible. It also has reset passwords for users who were not using SSO.
Regulators such as the UK’s Information Commissioner’s Office will likely review the university’s handling of the breach in light of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The university has stated that it will cooperate with any investigations.
At present, Oxford has confirmed that the platform is secure and that no other personal data was accessed. The university has not yet released a full list of affected individuals, and GTI has not provided further details. The incident underscores the need for robust security practices in third‑party educational platforms.
The university remains monitoring the situation and will provide updates if additional information becomes available. For now, the breach is contained to identity and authentication data, and the platform’s security has been restored.
CareerConnect is part of Oxford’s career services department and is used by students, alumni, research staff and recruiters to find work opportunities. The platform is built on GTI’s TargetConnect technology, which the company markets to other universities in the United Kingdom and abroad.
According to the university, the attack was enabled by a security vulnerability that has since been fixed. GTI has not publicly disclosed the nature of the vulnerability, the number of individuals affected, or whether any data was actually stolen. The company also did not confirm which categories of users were impacted.
Oxford’s statement said that alumni, research staff and employer users had their passwords forcibly reset following the incident. The university added that there is no evidence that course information, uploaded files, appointment details or financial data were involved. It also noted that the breach was focused on gathering credentials that could be used for phishing attempts.
Students were not listed among the affected users, but the university warned that names and email addresses might have been compromised. Oxford emphasized that the incident was entirely separate from the May 28 breach that hit Instructure’s Canvas learning management system.
The Canvas breach, which involved up to 275 million users across roughly 9,000 educational institutions, led Instructure to pay a ransom to the criminal group ShinyHunters to prevent the data from being released online. Oxford’s CareerConnect incident, by contrast, appears to have been limited to identity and authentication data.
The incident raises concerns about phishing and credential‑replay attacks. The university has advised affected users to monitor their accounts for suspicious activity and to change passwords where possible. It also has reset passwords for users who were not using SSO.
Regulators such as the UK’s Information Commissioner’s Office will likely review the university’s handling of the breach in light of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The university has stated that it will cooperate with any investigations.
At present, Oxford has confirmed that the platform is secure and that no other personal data was accessed. The university has not yet released a full list of affected individuals, and GTI has not provided further details. The incident underscores the need for robust security practices in third‑party educational platforms.
The university remains monitoring the situation and will provide updates if additional information becomes available. For now, the breach is contained to identity and authentication data, and the platform’s security has been restored.
