
On June 1, Oxford University disclosed a data security incident after its career support website, CareerConnect, was breached. The university was informed of the event by the platform's third-party provider, Group GTI, which stated that the threat actor gained unauthorized access to users':
- Full names
- Email addresses
- Encrypted passwords (for users not signing in with Single Sign-On, or SSO)
At this time, Group GTI has said that the vulnerability has been fixed and that additional security measures have been implemented.
Michael Centrella, Head of Public Policy at SecurityScorecard, states, “Oxford is now facing its second disclosed data breach this year tied to a third-party platform. The latest incident follows the ShinyHunters breach of Instructure’s Canvas learning management system in May, another external platform used by the university. When the same institution is hit through multiple outside providers in the same year, it points to a broader problem: universities are relying on sprawling vendor ecosystems without applying enough continuous oversight to the systems that now hold student, alumni, and staff data.
“Attackers no longer need to compromise a university’s core network to create real harm. Since CareerConnect is used for internships, careers events, and employer or recruiter activity, exposed names and email addresses can help attackers craft more convincing phishing attempts. A fake employer message or fraudulent job opportunity is much harder to spot when it appears connected to a platform students and alumni already recognize.
“For affected users, the concern is not just whether their Oxford account is secure, but whether this information will be used to make later attacks more convincing. Students and recent graduates can be especially vulnerable because career-related messages often create urgency and opportunity at the same time. That is exactly the kind of environment attackers exploit, turning ordinary contact details into a pathway for fraud, credential theft, or additional personal data exposure.
“To stop this pattern, universities need to move beyond vendor trust based on contracts, questionnaires, and annual reviews. Third-party systems that handle student or alumni data should be treated as extensions of the university, with continuous monitoring, mandatory MFA and SSO, strict data limits, and clear incident disclosure requirements. Every third-party platform connected to a university becomes another path attackers can test. If those systems are not continuously secured, attackers will keep taking advantage of them to reach the students, alumni, and staff who trust the institution behind them.”
