Oxford University students have faced another data breach, this time involving the CareerConnect platform, which is managed by Group GTI. This incident follows a previous breach that occurred just weeks prior.
Details of the Breach
The breach of CareerConnect, which supports students and alumni in finding job opportunities, resulted in the exposure of users’ full names and email addresses. For users who do not utilize single sign-on (SSO), their encrypted passwords were also leaked. The attack occurred on May 28 and was attributed to a security vulnerability that has since been addressed.
Impacted Users
While the exact number of affected individuals remains unconfirmed, Oxford University indicated that alumni, research staff, and employer users had their passwords forcibly reset following the breach. The university has not specified whether current students were directly impacted, although it acknowledged that names and email addresses could have been compromised.
Nature of the Attack
According to Oxford University’s announcement, the breach appeared to focus on gathering credentials, which could potentially lead to phishing attempts. The university emphasized that there is no evidence suggesting that course information, uploaded files, appointment details, or financial information were part of the compromised data.
Context of Recent Incidents
This breach is particularly concerning as it follows a significant incident involving Instructure’s Canvas platform, which affected approximately 8,800 educational institutions, including Oxford. The Canvas breach had a far-reaching impact, compromising the data of millions of students and staff. In contrast, the CareerConnect breach is characterized as a separate incident with a different attack vector.
As of now, Group GTI has not publicly disclosed the specific security issue that led to the breach and has not responded to inquiries for further information.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
