Oxford University says a separate breach at its CareerConnect jobs platform exposed users’ full names and email addresses, and encrypted passwords for people not using single sign-on. The affected service is provided by Group GTI and runs on its TargetConnect platform, which Oxford said was compromised on May 28 through an unspecified security vulnerability that has since been fixed; affected alumni, research staff, and employer users had passwords reset, and GTI has not publicly disclosed the flaw or total scope.
Why it matters: Students, alumni, staff, and recruiters who used the platform may now face phishing or credential-stuffing attempts, especially if they reused passwords elsewhere. Affected users should reset reused passwords, watch for convincing job-related scam emails, and universities using GTI TargetConnect should press the vendor for technical details and mitigation guidance.
Sergiu Gatlan
2026.06.08
99% relevant
This article is the same underlying event: Oxford's disclosure that Group GTI's CareerConnect platform was compromised on May 28, exposing names, email addresses, and encrypted passwords for some non-SSO users. It adds Oxford's warning that the intrusion appeared focused on gathering credentials for later phishing and confirms GTI invalidated affected locally set passwords.
2026.06.06
100% relevant
This article establishes a distinct new breach event: an intrusion into Oxford's third-party careers platform provider Group GTI/TargetConnect, explicitly separate from the earlier Canvas incident.
← Back to all stories