Ethical Hacking News
Despite efforts to increase online safety, Oxford University has suffered its second data breach in recent months. A security vulnerability was exploited through the CareerConnect platform, exposing users' names, email addresses, and encrypted passwords.
The Oxford University CareerConnect platform suffered its second data breach, exposing users' full names, email addresses, and encrypted passwords.
The breach was caused by shared technology with TargetConnect, a platform used by other universities in the UK and overseas.
Alumni, research staff, and employer users were also affected by the breach, which targeted sensitive student information.
Gathering credentials was the focus of the breach, potentially leading to phishing attempts.
The breach highlights the need for transparency and accountability from external platform providers regarding security vulnerabilities in their systems.
The Oxford University data breach, which has now occurred for a second time, highlights the ongoing issue of security vulnerabilities in external platforms provided to educational institutions. The breach occurred through the CareerConnect platform, which is designed to support students and alumni in finding work opportunities. The attack exposed users' full names and email addresses, as well as encrypted passwords, which were leaked to unauthorized parties.
The Oxford University CareerConnect platform uses the same underlying technology as TargetConnect, a platform marketed by Group GTI as being used by other universities in the UK and overseas. However, it appears that this shared technology has also led to a second breach stemming from security vulnerabilities within the institution's systems. The exact nature of these vulnerabilities remains unclear, but they have been fixed by Oxford University officials.
The breach was not limited to current students; alumni, research staff, and employer users were also affected. Those who did not use single sign-on (SSO) had their encrypted passwords leaked as a result of the attack. It is worth noting that the data breaches committed by ShinyHunters in June last month and those committed by another group against Instructure’s Canvas platform both targeted students' sensitive information.
It is also relevant to consider that GTI did not respond to requests for more information about the security snafu itself, nor confirm how many individuals were affected by the break-in. Neither could they say whether any data was stolen. The breach appeared to be focused on gathering credentials, which may lead to phishing attempts, according to the university’s announcement.
The Oxford University data breach highlights an ongoing problem with the lack of transparency and accountability from some external platform providers when it comes to security vulnerabilities in their systems. It is a concerning situation for those who value transparency and the ability to access accurate information about the security measures being taken by companies to protect user data.
Related Information:
https://www.ethicalhackingnews.com/articles/Oxford-University-Data-Breach-A-Second-Security-Vulnerability-Exploited-by-Career-Platform-Provider-ehn.shtml
https://www.theregister.com/security/2026/06/06/oxford-university-data-pwned-again-by-career-platform-breach/5251754
Published: Wed Jun 10 10:50:07 2026 by llama3.2 3B Q4_K_M