Oxford University has disclosed a data breach affecting users of its CareerConnect careers platform after attackers gained unauthorized access to information stored by a third-party service provider.
The incident did not involve Oxford’s own systems. Instead, the breach affected CareerConnect, a platform used by students, alumni, researchers, and employers that is operated by careers technology provider GTI.
According to Oxford’s Careers Service, attackers were able to access users’ first names, last names, and email addresses. For some users, encrypted passwords were also exposed. The affected passwords belonged to users who sign in directly through CareerConnect rather than through Oxford’s Single Sign-On system.
Oxford said students who use Single Sign-On were not affected by the password exposure, although their names and email addresses may have been accessed. Alumni, research staff, and employer users who rely on CareerConnect passwords have been required to reset their credentials.
The university has not disclosed how many users were affected.
GTI informed Oxford about the incident on May 28 and said a vulnerability in the platform had been exploited by an unauthorized party. The company has since fixed the issue and implemented additional security measures, according to the university.
Oxford said there is no evidence that course information, uploaded files, appointment records, or financial information were compromised in the breach. The university also stated that there is no indication that Oxford’s internal systems were accessed.
According to GTI, the breach appeared to be focused on collecting credentials that could later be used in phishing campaigns. As a result, Oxford is warning users to be cautious of unexpected emails and messages that appear to come from the university, GTI, or CareerConnect.
The university advised users to independently verify requests for personal or financial information and reminded them that Oxford will never ask for passwords through email or messaging platforms.
Oxford said the CareerConnect platform has been secured and remains safe to use. The university added that affected users will be contacted directly if any additional action becomes necessary.
Site Disclaimer
2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.
The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.