Oxford University has disclosed that its CareerConnect careers platform was hacked on May 28, 2026. The platform — built and operated by third-party provider Group GTI — is used to connect students, alumni, research staff, and employers for job placements and internship opportunities. Attackers gained access to the system and stole first names, last names, email addresses, and encrypted passwords for users who don’t sign in through Single Sign-On. Financial data, course information, uploaded files, and appointment records were not compromised. Oxford has confirmed that its core university systems were not affected.
The breach also hit other UK universities that use the same CareerConnect platform, including King’s College London and the University of Manchester. Group GTI has warned that the stolen credentials may be used to launch targeted phishing emails — fake messages designed to look like they’re from the university or the careers service to trick recipients into handing over more personal information. Affected users’ passwords have already been invalidated, so you will be prompted to set a new one when you next log in.
How to check if you’re affected
Affected products include the CareerConnect platform operated by Group GTI — if you are a student, alumnus, staff member, or employer registered on CareerConnect at Oxford University, King’s College London, or the University of Manchester, your name and email address may have been exposed.
- Watch your inbox for unexpected emails claiming to be from your university careers service — these could be phishing attempts using the stolen data.
- If you receive an email asking you to click a link and re-enter your university login, go directly to the official university website instead of clicking.
- Check whether you reuse your CareerConnect email and password on any other accounts — if so, change those passwords now.
- Enable two-factor authentication on your university email account for an extra layer of protection.