RSS

Oxford Uni student data pwned yet again, this time via career platform breach

Bender2 pts0 comments

Oxford University data pwned again by career platform breach

Jump to main content

Search

REG AD

security

Oxford Uni student data pwned yet again - this time via career platform breach

Totally different attack from the break-in last month. Oh so that's OK then

Connor Jones

Connor<br>Jones

Cybersecurity reporter

Published<br>sat 6 Jun 2026 // 08:28 UTC

Oxford University students seeking work will be dismayed to learn that crooks have breached a second external platform provider for the university in as many months.<br>The institution’s CareerConnect platform, provided by Group GTI, was the target of the intrusion, which exposed users’ full names and email addresses. Those who don’t use single sign-on (SSO) had their encrypted passwords leaked, too.<br>CareerConnect forms part of Oxford University’s career services department, supporting students and alumni to find work opportunities. It is available to students, alumni, research staff, and recruiters.

REG AD

The same underlying technology powering the platform, which GTI markets as TargetConnect, is used by other universities in the UK and overseas, according to its website.

REG AD

OxfordUni said the May 28 attack was enabled by a “security vulnerability,” which has since been fixed.<br>GTI has not publicly disclosed the security snafu itself, and did not respond to our requests for more information. The London-based tech company has not confirmed how many individuals were affected by the break-in, nor whether any data was stolen.<br>It has also not explicitly stated which types of individuals were affected, although Oxford’s announcement listed “alumni, research staff, and employer users” as those who had their passwords forcibly reset following the attack.<br>“There is no evidence that course information, uploaded files, appointment information, or financial information were involved in this incident,” the announcement went on to say.<br>“GTI has stated this breach appeared to be focused on gathering credentials which may lead to phishing attempts.”<br>The university did not list current students as among those affected, but told student newspaper Cherwell that names and email addresses might be compromised, and said the attack was entirely separate from the one which hit Instructure’s Canvas last month.

MORE CONTEXT

Congress investigates Canvas breach as company pays ransom

Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data

Oxford researchers pull off quantum first with distributed gate teleportation

Larry Ellison bankrolling £118M AI vaccine research at Oxford University

Twice bitten<br>Oxford University was just one of the circa 8,800 educational institutions affected by the mega breach at Canvas, a separate platform that’s also relied upon by schools, colleges, and universities.

REG AD

Seemingly timed by ShinyHunters to coincide with exam season, students across multiple countries were left without access to learning materials, tests, and grades at a pivotal time of the year.<br>The scale of the attack was vast, affecting the usernames, email addresses, course names, enrollment information, and messages of up to 275 million students, teachers, and staff.<br>The severity of the situation, coupled with the inopportune timing, led to Instructure “reaching an agreement” with ShinyHunters to prevent the criminal gang from leaking all the data online.<br>In cyberese, this implies Instructure paid the criminals an extortion fee in exchange for their word that they would delete the stolen data.<br>"We received digital confirmation of data destruction (shred logs)," Instructure said, adding "We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise." ®

group gti<br>data breach<br>oxford university<br>security<br>targetconnect

REG AD

SPONSORED LINKS<br>Building the New Trust Architecture for AI - Watch Now

offbeat

Brit maritime agency heralds fresh global rules for crewless cargo ships

If you thought driverless cars were bad, imagine a 200,000 ton container ship

Personal Tech

UK exam watchdog frets over smart specs turning GCSEs into Google searches

Ofqual says smart glasses, hidden earpieces, and AI tools are creating a new generation of cheating headaches

ZTE showcases AI-driven project management innovations at the 14th IPMA Research Conference 2026

PARTNER CONTENT: Integrating AI into the iEPMS platform to achieve a 98% quality review accuracy rate and slash report generation times, leveraging experience from 240,000 global projects

security

Oxford Uni student data pwned yet again - this time via career platform breach

Totally different attack from the break-in last month. Oh so that's OK then

SaaS

AWS reportedly to tuck Elon Musk's Grok into Bedrock, despite zero enterprise demand

The energy drink of frontier models

legal

Start spreading the news: Datacenters may face one-year ban in NY

The bill awaits Gov. Hochul's signature after passing the state...

oxford data platform breach university attack

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.