Oxford University Discloses Data Breach via Third-Party Career Platform
The University of Oxford revealed a data breach last week after its third-party career services provider, Group GTI, reported that its CareerConnect platform had been compromised. The incident exposed personal data of students, alumni, research staff, and employer users across multiple UK universities, including Oxford, King’s College London, and the University of Manchester.
The breach occurred on May 28, when attackers accessed users’ first and last names, email addresses, and encrypted passwords though only for those who logged in directly through CareerConnect rather than via Single Sign-On (SSO). Group GTI invalidated the affected passwords, requiring users to reset them upon next login. Oxford’s assessment indicated the attack was likely aimed at credential harvesting, potentially enabling future phishing campaigns. The university confirmed that no course details, financial data, or uploaded files were compromised, and its internal systems remained unaffected.
A university spokesperson told BleepingComputer that the incident did not involve ransomware, and no attribution or claims of responsibility have been reported.
This marks Oxford’s second data breach in 2025. In early May, the ShinyHunters extortion group breached Instructure’s Canvas learning management system, which Oxford uses. The hackers claimed to have stolen 280 million records from over 8,800 educational institutions globally. Instructure later confirmed the data was returned after negotiations, with logs verifying its destruction. Oxford stated that the exposed data included usernames, Canvas email addresses, user messages, course names, and enrollment details, but its own systems were not breached.
GTI Group cybersecurity rating report: https://www.rankiteo.com/company/group-gti
King's Careers & Employability cybersecurity rating report: https://www.rankiteo.com/company/kingscareers
"id": "GROKIN1781008776",
"linkid": "group-gti, kingscareers",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Students, alumni, research '
'staff, employer users',
'industry': 'Education',
'location': 'United Kingdom',
'name': 'University of Oxford',
'type': 'University'},
{'customers_affected': 'Students, alumni, research '
'staff, employer users',
'industry': 'Education',
'location': 'United Kingdom',
'name': 'King’s College London',
'type': 'University'},
{'customers_affected': 'Students, alumni, research '
'staff, employer users',
'industry': 'Education',
'location': 'United Kingdom',
'name': 'University of Manchester',
'type': 'University'},
{'industry': 'Education/Recruitment',
'name': 'Group GTI',
'type': 'Third-party career services provider'}],
'attack_vector': 'Third-party platform compromise',
'customer_advisories': 'Password reset required for affected users',
'data_breach': {'data_encryption': 'Yes (passwords encrypted)',
'personally_identifiable_information': 'First and last names, '
'email addresses',
'sensitivity_of_data': 'Low to moderate (names, emails, '
'encrypted passwords)',
'type_of_data_compromised': 'Personal data'},
'date_detected': '2025-05-28',
'description': 'The University of Oxford revealed a data breach after its '
'third-party career services provider, Group GTI, reported '
'that its CareerConnect platform had been compromised. The '
'incident exposed personal data of students, alumni, research '
'staff, and employer users across multiple UK universities, '
'including Oxford, King’s College London, and the University '
'of Manchester.',
'impact': {'data_compromised': 'First and last names, email addresses, '
'encrypted passwords',
'identity_theft_risk': 'Potential phishing campaigns',
'systems_affected': 'Group GTI CareerConnect platform'},
'motivation': 'Credential harvesting',
'post_incident_analysis': {'root_causes': 'Third-party platform compromise'},
'references': [{'source': 'BleepingComputer'}],
'response': {'communication_strategy': 'Public disclosure via '
'BleepingComputer',
'containment_measures': 'Invalidated affected passwords, '
'required password reset'},
'title': 'Oxford University Discloses Data Breach via Third-Party Career '
'Platform',
'type': 'Data Breach'}