The University of Oxford has informed students of a data security incident involving GTI, the company which provides the University Careers Service platform CareerConnect.
In an email sent to students on late Friday afternoon, the University said the breach involved “student names and email addresses”, adding that “user passwords and any other personal data were not obtained”. A University spokesperson told Cherwell that Oxford was first informed that it was “impacted on Thursday afternoon of last week”.
The University’s email did not specify how many students were affected by the breach, nor was there any mention that the recipient was a victim of the breach. The University told Cherwell that it is “expecting more information from the external provider GTI on precise numbers” of students affected.
In the email, the University confirmed that it “takes incidents involving personal data seriously” and is “continuing to monitor and assess the situation”, adding that further updates would be provided “if necessary”.
The University stated that the CareerConnect platform “has now been secured” and that there is “no immediate action needed” from users. However, students were advised to “remain vigilant for unexpected emails” and avoid clicking suspicious links or providing personal information unless confident that communications are genuine. The University told Cherwell that there is currently no evidence to suggest that the compromised data has been misused or shared.
The email also clarified that the incident is “unrelated to the previous data security incident involving Canvas”. The breach follows widespread disruption earlier this month after the University temporarily suspended access to Canvas, its virtual learning platform, following a hack of Instructure, the service provider. In an email sent to all students by the University, it was confirmed that “some Oxford user data is affected” and that this “may include names, email addresses… and messages exchanged between users within Canvas”.
