University of Oxford Grapples with Second Data Breach This Year Via Third-Party Career Platform
The **University of Oxford** has disclosed its second data breach this year, stemming from a compromise of its third-party career services platform, **CareerConnect**, operated by **Group GTI**. The incident exposed personal details and encrypted passwords, highlighting ongoing risks associated with third-party vendor security for educational institutions.

### CareerConnect Platform Compromised
Last week, the **University of Oxford** announced a new data breach after being notified by its third-party provider, **Group GTI**, that its **CareerConnect** career services platform had been compromised. This platform is also utilized by other prominent UK educational organizations, including **King's College London** and the **University of Manchester**, for their institution-specific career hubs.
### Breach Details and Exposed Data
The breach occurred on May 28, with attackers gaining unauthorized access to users' first names, last names, email addresses, and encrypted passwords. This specifically impacts users who do not rely on Single Sign-On (SSO) for authentication. The university stated that passwords for alumni, research staff, and employer users (who set local passwords on CareerConnect) have been invalidated by GTI, requiring users to reset them upon their next login.
Crucially, the university noted that there is no evidence suggesting the involvement of course information, uploaded files, appointment details, or financial data in this incident. **Group GTI** indicated that the attack appeared to be primarily focused on gathering credentials, likely for subsequent phishing attempts.
### University Response and System Integrity
Both **Group GTI** and the **University of Oxford** have found no evidence that student passwords or financial information were accessed. The university emphasized that the incident was confined to **Group GTI**'s third-party system, with no indication that any of the university's internal systems were compromised.
In light of the credential theft, the university has issued a warning to staff, students, and external CareerConnect users about the potential for targeted phishing or scam emails. A university spokesperson confirmed they are in ongoing communication with **Group GTI** to ascertain the full extent of the impact, adding that there is no information to suggest this was a ransomware attack, nor any information on the attribution of the activity.
### A Recurring Challenge: The Instructure Canvas Incident
This marks the second data breach disclosed by the **University of Oxford** this year, underscoring a growing vulnerability through third-party services. Earlier in May, the university was affected by the **ShinyHunters** extortion gang's breach of **Instructure**'s **Canvas** learning management system (LMS), which Oxford also utilizes.
Following the **Canvas** attack, **ShinyHunters** claimed to have exfiltrated 280 million records from thousands of educational institutions globally. **Instructure** subsequently reached an agreement with the cybercrime group, reporting that the stolen data was returned and confirmed destroyed. The **University of Oxford** confirmed its status as a victim in the **Canvas** breach, clarifying that its own systems were not compromised and the exposed data was limited to usernames, Canvas email addresses, platform messages, course names, and enrollment information.
These incidents highlight the critical importance for IT security professionals to rigorously vet and continuously monitor the security postures of all third-party vendors with access to sensitive institutional data.