Oxford University hit by second data breach in a month

Oxford University is dealing with its second data breach in as many months after hackers targeted CareerConnect, the university's career services platform, in an attack on May 28 that exposed the personal data of alumni, research staff, and recruiters.

The breach hit CareerConnect, a platform provided by London-based tech company Group GTI and used by Oxford to connect students, alumni, research staff, and employers with job opportunities.

The attack exposed full names and email addresses across affected user groups. Those who do not use single sign-on authentication also had their encrypted passwords leaked.

Oxford said the attack exploited a "security vulnerability" that has since been patched. Affected users, specifically alumni, research staff, and employer accounts, have had their passwords forcibly reset. The university stated that course information, uploaded files, appointment data, and financial records were not involved in the incident.

No information has been released regarding this hack from the company itself. The only thing that Group GTI revealed to Oxford is that the attack "appeared to be focused on gathering credentials which may lead to phishing attempts" – a statement that Oxford included in their report on the incident.

Since the platform provided by GTI – TargetConnect – supports career management for other UK and foreign universities, one wonders if Oxford was the only university that was hacked or if it just happened to be the first one to report it.

The hack involved around 8,800 educational organisations, where 275 million students, teachers, and employees' data were compromised.