Oxford University says CareerConnect breach exposed user names, emails and passwords

The University of Oxford said a breach of its CareerConnect career services platform exposed users’ first and last names, email addresses and encrypted passwords after attackers hit the third-party system on May 28.

KEY FACTS

  • Platform: CareerConnect is run by Group GTI and used by several UK universities.
  • Data exposed: Names, email addresses and encrypted passwords for non-SSO users were involved.
  • Impact: Oxford said there is no evidence its own systems were compromised.
  • Response: Local passwords were invalidated and users will reset them at next sign-in.

The university said alumni, research staff and employer users who sign in with local CareerConnect passwords were affected. Users who authenticate through Single Sign-On were not included in that part of the exposure, according to the disclosure.

The disclosure said there is no evidence that course information, uploaded files, appointment information or financial information were involved. GTI also said the incident appeared to focus on credential theft, which could be used to support phishing attempts.

Oxford warned staff, students and external CareerConnect users to watch for scam or phishing emails. A university spokesperson said the institution remains in contact with GTI and has no information suggesting the intrusion was a ransomware attack.

This is the second data breach Oxford has disclosed this year after a separate incident involving Instructure’s Canvas learning system, which affected user data on that platform.

WHY IT MATTERS

The case shows how a breach at a third-party service can expose university users even when core campus systems are not affected. It also raises the risk of follow-on phishing against people whose contact details and passwords were taken.