
Oxford data breach after careers platform hack

Summary

– Oxford University’s CareerConnect platform, run by third-party provider Group GTI, was breached on May 28, exposing users’ first names, last names, email addresses, and encrypted passwords.
– The breach did not compromise university systems, and there is no evidence that course information, uploaded files, appointment data, or financial information were accessed.
– GTI invalidated the locally set passwords for alumni, research staff, and employer users, who will be required to reset them on next login.
– Oxford warned users of potential phishing or scam emails, as the attack appeared focused on gathering credentials.
– This is the second data breach for Oxford in 2024, following a May breach of Instructure’s Canvas LMS by the ShinyHunters extortion gang.

The University of Oxford has confirmed a data breach after its third-party supplier, Group GTI, reported that the CareerConnect career services platform had been compromised. The incident, disclosed late last week, affects users of the platform used by Oxford and other UK institutions such as King’s College London and the University of Manchester to manage their career hubs.

Oxford, founded in 1096, is the oldest university in the English-speaking world. It operates as a collegiate research university with 43 autonomous colleges, hosting more than 26,000 students and over 5,900 research, teaching, and support staff. The breach occurred on May 28, when attackers accessed users’ first names, last names, email addresses, and encrypted passwords for those who do not use Single Sign-On (SSO).

“Alumni, research staff, and employer users access CareerConnect with a password set locally on CareerConnect. These passwords were invalidated by GTI, and users will be asked to reset their password next time they sign in,” the university stated. It added that there is no evidence that course information, uploaded files, appointment details, or financial data were compromised. GTI indicated the breach appeared to focus on gathering credentials, which could lead to phishing attempts.

The institution emphasized that the incident was limited to GTI’s third-party system, with no evidence that university systems were breached. It also noted that neither GTI nor the university has found any indication that students’ passwords or financial information were accessed. However, staff, students, and external CareerConnect users were warned to remain vigilant against potential phishing or scam emails.

“We remain in contact with GTI regarding the extent of the impact,” a university spokesperson told BleepingComputer. “There is nothing in the information provided to us by GTI to suggest this was a ransomware attack. Do not have any information regarding attribution of the activity, claims of responsibility, or related matters.”

This is the second data breach Oxford has disclosed this year. In early May, the ShinyHunters extortion gang compromised Instructure’s Canvas learning management system (LMS), which the university uses. Following that attack, the hackers claimed to have stolen 280 million records from 8,809 colleges, school districts, and online education platforms worldwide. Instructure later reached an agreement with the cybercrime group, stating that the stolen data was returned and shred logs confirming its destruction were provided.

Oxford confirmed it was among the victims, reiterating that its systems were not compromised. The exposed data in that incident was limited to usernames, Canvas email addresses, messages exchanged between users, course names, and course enrollment information.

Update June 08, 12:07 EDT: Added Oxford University statement.

(Source: BleepingComputer)
