Oxford University has confirmed a data security breach involving its CareerConnect platform, which is managed by the external provider Group GTI. The incident, disclosed following an attack on May 28, 2026, resulted in the exposure of user names and email addresses. This marks the second significant cybersecurity incident affecting university-related services in two months, following a separate breach of the Canvas learning management system.
What information was compromised in the CareerConnect breach?
The breach of the CareerConnect platform exposed full names and email addresses of registered users. According to the university, individuals who do not utilize single sign-on (SSO) authentication also had their encrypted passwords leaked. The university initiated forced password resets for affected groups, which include alumni, research staff, and employer users.
Oxford University stated there is no evidence that financial information, uploaded files, appointment details, or course-specific data were accessed during the incident. The university noted that the breach appeared to be focused on credential harvesting, which typically precedes phishing attempts.
How does this compare to the recent Canvas security incident?
This intrusion is distinct from the breach of the Canvas platform that occurred in May 2026. The Canvas incident involved a much larger scale of impact, affecting approximately 8,800 educational institutions globally. The Canvas breach compromised the usernames, email addresses, course information, and personal messages of up to 275 million users.
While the CareerConnect breach was limited to a specific service provider, the Canvas incident was linked to the criminal group ShinyHunters. In the aftermath of the Canvas breach, the platform provider Instructure confirmed it reached an agreement with the attackers to prevent the release of stolen data. Instructure reported receiving digital confirmation that the data was destroyed.
What steps is the university taking?
Oxford University reported that the security vulnerability within the GTI-managed platform has been addressed. While the university has communicated with the student body, including reports provided to the student newspaper Cherwell, the full extent of the data access remains under investigation. Group GTI, the London-based technology firm responsible for the TargetConnect platform, has not publicly disclosed the specifics of the security vulnerability or confirmed the total number of individuals impacted.
Students and staff are encouraged to remain vigilant against potential phishing attempts that may use the compromised contact information to solicit credentials or sensitive data. Because the breach involved password exposure for non-SSO users, experts generally recommend that affected individuals update their login credentials across any other platforms where they may have reused the same password.