The University of Nottingham has confirmed to CyberInsider in a statement that it suffered a cyber incident resulting in unauthorized access to data stored in its student record system.
The disclosure comes after ShinyHunters listed the university on its leak site, alleging it had compromised more than 40 GB of data, including billing and payment records, student finance information, and administrative exports from the University of Nottingham and its campuses in Malaysia and China.
The threat actor claims the stolen data contains payer contact information, transaction amounts, IP addresses, names, home addresses, postcodes, email addresses, phone numbers, dates of birth, and other internal university records. The threat group leaked the data in a compressed archive exceeding 19 GB.
While the full scope of the incident has not yet been independently verified, the University of Nottingham has acknowledged that a “significant amount of data” was accessed. The institution is one of the United Kingdom’s largest universities, serving tens of thousands of students across multiple international campuses and maintaining extensive academic, administrative, and financial systems.
In a statement sent to CyberInsider, the university confirmed that the intrusion has been attributed to a known cybercriminal group and that an investigation is underway.
“The University of Nottingham has been the victim of a cyber incident, and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group.
“We are working with the third party that maintains the platform to lead a forensic investigation. We understand that those affected will have concerns about what this means for their personal data, and we will be offering advice and support to our students as we learn more.
“We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner’s Office. The university will continue to provide them with further information as our investigation progresses.” — University of Nottingham spokesperson
The statement suggests that the affected system is operated or maintained by an external provider, with both the university and the third-party platform owner conducting forensic analysis to determine how the attackers gained access and exactly what information was exposed.
ShinyHunters is a prolific cybercrime operation linked to numerous high-profile data breaches targeting technology companies, retailers, educational institutions, and cloud service providers. In recent years, the group has repeatedly used extortion tactics, naming victim organizations on its extortion portal and threatening to release stolen data if demands are not met.
The university has not yet disclosed the number of impacted individuals, the date of the intrusion, or whether any ransom demand was received.
Students and other potentially affected individuals should remain alert for phishing emails, social engineering attempts, and fraudulent communications that may use personal information obtained during the breach. They should also monitor financial accounts for suspicious activity and ensure that passwords associated with university services are changed.
Leave a Reply