The University has announced a security breach affecting CareerConnect, compromising user data. Find out the details and essential precautions to take.
The University has recently been informed by GTI, the third-party provider of CareerConnectabout a security breach that compromised certain user data. On Thursday, 28 May 2026an unauthorized third party gained access to the platform, potentially exposing users’ personal information.
This incident has raised concerns about data security and the potential for phishing attempts. The University is working closely with GTI to address the issue and has implemented additional security measures to prevent future breaches.
Scope of the Breach
The breach primarily affected users’ first nameslast namesand email addresses.
For users who do not utilize Single Sign-On (SSO)encrypted passwords were also compromised. GTI has confirmed that the security vulnerability has been fixed, and additional measures are in place to enhance protection.
Impact on Different User Groups
Students who use their SSO to access CareerConnect are not affected by the password breach.
However, their names and email addresses may have been compromised. Alumniresearch staffand employer users who set passwords locally on CareerConnect have had their passwords invalidated and will be required to reset them upon their next login.
It is important to note that there is no evidence suggesting that course informationuploaded filesappointment informationor financial information were involved in this incident. The breach appears to be focused on gathering credentials that could lead to phishing attempts.
Protective Measures and Advice
In light of this incident, all users of CareerConnect are advised to remain vigilant against potential phishing attempts. Here are some key precautions to take:
- Stay alert to any suspicious emails or messages, especially those appearing to come from trusted organizations like the University, GTI, or CareerConnect.
- Verify requests for personal or financial information independently before responding.
- Report any suspicious or concerning emails or messages to the Information Security team at [email protected] and follow the published guidance on reporting an incident.
- Ensure that all work devices, including mobile devices, have up-to-date software and installed anti-virus protection.
The University emphasizes that it will never ask for a password by email or message. Users can find additional resources on accessing free software, protecting their computers, and keeping mobile devices secure. The University’s online training course offers further information and advice about information security and data protection at Oxford.
Ongoing Monitoring and Updates
The University is continuing to work closely with GTI to assess the impact of the breach and monitor the situation. Affected users will be contacted directly if any further action becomes necessary. Further updates will be provided on this page if the situation develops.
It is crucial for all users to remain alert to phishing or scam emails and to ensure that their devices used for work or study are appropriately protected. By taking these precautions, users can help mitigate the risks associated with this security breach.
