University of Oxford Reports Data Breach in CareerConnect Platform
The University of Oxford has disclosed a data breach affecting its CareerConnect platform, a third-party service managed by Group GTI. The incident, detected on May 28, exposed users' first names, last names, email addresses, and encrypted passwords for those not using Single Sign-On (SSO). Passwords set locally on the platform have since been invalidated, requiring affected users to reset them.
According to Group GTI, the breach appears to have been carried out to harvest credentials for phishing campaigns, though no evidence suggests that course details, uploaded files, appointment records, or financial data were accessed. This marks the second breach involving Oxford this year, following a May attack on Instructure’s Canvas learning management system by the ShinyHunters extortion gang, which compromised usernames, email addresses, messages, and course information.
Oxford has confirmed that its internal systems remained secure in both incidents. Users of the CareerConnect platform have been advised to remain cautious of phishing or scam attempts leveraging the exposed data. The university continues to investigate the breach in coordination with Group GTI.
Instructure TPRM report: https://www.rankiteo.com/company/instructure-inc-
Group GTI TPRM report: https://www.rankiteo.com/company/group-gti
"id": "groins1780964840",
"linkid": "group-gti, instructure-inc-",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users of the CareerConnect '
'platform',
'industry': 'Education',
'location': 'United Kingdom',
'name': 'University of Oxford',
'type': 'University'},
{'industry': 'Technology/Recruitment',
'name': 'Group GTI',
'type': 'Third-party service provider'}],
'customer_advisories': 'Users advised to reset passwords and remain cautious '
'of phishing attempts',
'data_breach': {'data_encryption': 'Passwords were encrypted',
'personally_identifiable_information': ['First names',
'Last names',
'Email addresses'],
'sensitivity_of_data': 'Low to moderate (no financial or '
'course data exposed)',
'type_of_data_compromised': ['Personally identifiable '
'information',
'Authentication data']},
'date_detected': '2024-05-28',
'description': 'The University of Oxford disclosed a data breach affecting '
'its CareerConnect platform, a third-party service managed by '
"Group GTI. The incident exposed users' first names, last "
'names, email addresses, and encrypted passwords for those not '
'using Single Sign-On (SSO). Passwords set locally on the '
'platform were invalidated, requiring affected users to reset '
'them.',
'impact': {'data_compromised': 'First names, last names, email addresses, '
'encrypted passwords',
'identity_theft_risk': 'Potential phishing or scam attempts',
'systems_affected': 'CareerConnect platform'},
'investigation_status': 'Ongoing',
'motivation': 'Credential harvesting for phishing campaigns',
'recommendations': 'Users advised to remain cautious of phishing or scam '
'attempts leveraging exposed data',
'references': [{'source': 'University of Oxford'}, {'source': 'Group GTI'}],
'response': {'communication_strategy': 'Advisories to users about phishing '
'risks',
'containment_measures': 'Invalidated locally set passwords, '
'required password resets'},
'title': 'University of Oxford CareerConnect Platform Data Breach',
'type': 'Data Breach'}