Oxford University’s CareerConnect Platform Hit by Second Breach in Two Months
Oxford University has suffered a second data breach in as many months, this time affecting its CareerConnect platform a service provided by Group GTI that helps students, alumni, and recruiters connect for job opportunities. The May 28 attack exposed users’ full names and email addresses, while those who did not use single sign-on (SSO) also had their encrypted passwords leaked.
The breach stemmed from a security vulnerability, which Oxford confirmed has since been patched. Group GTI, the London-based provider behind the platform (marketed as TargetConnect and used by other universities in the UK and abroad), has not disclosed details on the number of affected individuals or whether data was exfiltrated. Oxford’s announcement noted that alumni, research staff, and employer users had their passwords forcibly reset, though current students were not explicitly listed as impacted. No financial, course, or appointment data was reportedly compromised.
GTI suggested the breach was aimed at harvesting credentials for potential phishing attacks. The incident follows a separate, large-scale breach last month involving Instructure’s Canvas platform, which disrupted access to learning materials for nearly 8,800 educational institutions worldwide. That attack, attributed to the cybercriminal group ShinyHunters, exposed data from up to 275 million users including usernames, email addresses, and course information during a critical exam period. Instructure later confirmed it had paid an extortion fee to prevent the data from being leaked, receiving digital confirmation of its destruction.
Oxford University has emphasized that the two breaches are unrelated.
Careers Service, University of Oxford cybersecurity rating report: https://www.rankiteo.com/company/oxford-careers
GTI RECRUITING SOLUTIONS LIMITED cybersecurity rating report: https://www.rankiteo.com/company/gti-recruiting-solutions-limited
"id": "OXFGTI1780734292",
"linkid": "oxford-careers, gti-recruiting-solutions-limited",
"type": "Breach",
"date": "5/2026",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Alumni, research staff, '
'employer users (current '
'students not explicitly listed)',
'industry': 'Education',
'location': 'United Kingdom',
'name': 'Oxford University',
'type': 'Educational Institution'},
{'industry': 'Education Technology',
'location': 'London, United Kingdom',
'name': 'Group GTI',
'type': 'Technology Provider'}],
'attack_vector': 'Security Vulnerability',
'customer_advisories': 'Password reset advisory for affected users',
'data_breach': {'data_encryption': 'Encrypted passwords (strength unknown)',
'personally_identifiable_information': 'Full names, email '
'addresses',
'sensitivity_of_data': 'Low to moderate (no financial, '
'course, or appointment data exposed)',
'type_of_data_compromised': ['Full names',
'Email addresses',
'Encrypted passwords (non-SSO '
'users)']},
'date_detected': '2024-05-28',
'description': 'Oxford University has suffered a second data breach in as '
'many months, this time affecting its CareerConnect platform, '
'a service provided by Group GTI that helps students, alumni, '
'and recruiters connect for job opportunities. The May 28 '
'attack exposed users’ full names and email addresses, while '
'those who did not use single sign-on (SSO) also had their '
'encrypted passwords leaked. The breach stemmed from a '
'security vulnerability, which Oxford confirmed has since been '
'patched.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'Oxford University and Group GTI',
'data_compromised': 'Full names, email addresses, encrypted '
'passwords (for non-SSO users)',
'identity_theft_risk': 'Increased risk due to exposed credentials',
'systems_affected': 'CareerConnect platform (Group GTI’s '
'TargetConnect)'},
'investigation_status': 'Ongoing',
'motivation': 'Credential Harvesting for Phishing Attacks',
'post_incident_analysis': {'corrective_actions': 'Vulnerability patched, '
'passwords reset',
'root_causes': 'Security vulnerability in '
'CareerConnect platform'},
'references': [{'source': 'Oxford University Announcement'}],
'response': {'communication_strategy': 'Public announcement by Oxford '
'University',
'containment_measures': 'Vulnerability patched, passwords '
'forcibly reset for affected users'},
'title': 'Oxford University’s CareerConnect Platform Hit by Second Breach in '
'Two Months',
'type': 'Data Breach'}