Industry - Data Breach
Executive Summary
The University of Oxford disclosed that its third-party CareerConnect careers platform, operated by Group GTI, was breached on May 28, exposing users' names, email addresses, and encrypted passwords for non-SSO accounts. The breach, which also affects other UK universities using the platform like King's College London and the University of Manchester, appears focused on credential harvesting for potential phishing attacks, prompting password resets for affected users. This marks Oxford's seco...
What Happened
On May 28, 2026, attackers breached the CareerConnect careers platform operated by Group GTI, a third-party service provider used by the University of Oxford and other UK universities including King's College London and the University of Manchester. The breach exposed users' first and last names, email addresses, and encrypted passwords for accounts not using Single Sign-On (SSO). Group GTI invalidated the compromised passwords and stated the breach appeared focused on credential harvesting for potential phishing campaigns.
Who Is Affected
The breach affects Oxford University students, alumni, research staff, and employer users who access CareerConnect with locally-set passwords rather than SSO authentication. Users at other UK educational institutions using the same GTI-operated platform, including King's College London and the University of Manchester, are also impacted. External users registered on these career service platforms may also be affected.
Why It Matters
This represents Oxford's second disclosed data breach in 2026, following a May incident involving the Canvas learning management system that affected millions globally. The credential-focused nature of this attack increases the risk of targeted phishing campaigns against academic communities, and the multi-institution impact demonstrates how third-party platform vulnerabilities can cascade across numerous organizations simultaneously. The breach highlights ongoing security challenges in the education sector's reliance on external service providers.
What You Should Do
If you use CareerConnect at Oxford or another affected UK university, reset your password immediately upon your next login as GTI has invalidated compromised credentials. Be vigilant for phishing emails that may reference career services, job opportunities, or university communications, and verify any suspicious messages directly with your institution before clicking links or providing information. If you reused your CareerConnect password on other accounts, change those passwords immediately as well.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
- Oxford University discloses data breach after careers platform hack
- Oxford University discloses data breach after careers platform hack - BleepingComputer
- University of Oxford discloses data breach via third-party career platform - SC Media
- Evanston schools data breach raises concerns for parents - NBC 5 Chicago
Related Events
- Industry - Data BreachMay 21, 2026
A data breach targeting the Canvas educational platform in early May potentially...
- Industry - Data BreachMay 21, 2026
A cyberattack on Canvas, a widely used learning management platform, potentially...
- Industry - Data BreachMay 16, 2026
Canvas, an educational platform used by schools nationwide, suffered data breach...
- Industry - Data BreachMay 11, 2026
Canvas, a widely-used learning management system, suffered a cyberattack that ex...