Cyber Security Incident Affecting Careers and other Services

You may be aware there was a recent cyber security incident involving TargetConnect, a third-party platform used by a number of universities, including BSU, to support access to a range of student and staff services.

What is TargetConnect?

TargetConnect is a platform that provides services related to BSU careers, library, events booking, and wellbeing services, including:

  • mywellbeing.bathspa.ac.uk
  • mycareer.bathspa.ac.uk
  • myacademicskills.bathspa.ac.uk
  • mylibrary.bathspa.ac.uk

What was the nature of this cyber security incident?

GTI Media, owners of TargetConnect, confirmed that there was an attempt to access names and email addresses. This means there may be a higher risk of phishing or scam messages that look like they come from trusted sources. A forensic analysis found no evidence that any other personal data was accessed. We have also informed the relevant regulators and liaised with sector bodies, as appropriate.

Do I need to take any action regarding my account security?

If you access the services listed above using Bath Spa University's Single Sign-On (SSO), the feature which allows you to sign in to different platforms across BSU, then your University password has not been exposed through this incident.

However, if you have used a separate password for these services and you have used that same password on other websites or apps, we recommend changing it.

Please remain alert for any unexpected emails asking for personal information or encouraging you to click links or download attachments. If you receive anything suspicious, do not engage with it and report it to IT Services, via the IT self-service portal.

We understand that this incident may be concerning. The University acted quickly upon becoming aware of the incident and has already taken steps to help protect the security of our user data.

We are satisfied that the TargetConnect platform is safe to use, and the University's IT systems and networks have not been compromised as a result of this incident. If you have any questions about this incident or how your personal data has been handled, please contact IT Services via the self-service portal.