Nottingham University Breach Exposes 454,600 Students' Data
Key Takeaways
- 454,600 current and former students affected across three global campuses
- Stolen data includes passport numbers, payment details, addresses, and academic records
- Attack is part of a larger ShinyHunters campaign targeting Oracle PeopleSoft systems at 100+ organizations
The University of Nottingham confirmed Wednesday that hackers accessed its student records system, exposing personal and financial data for 454,600 current and former students. The breach affects all three of the university's campuses in the UK, Malaysia, and China.
"The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group," the university said in a statement to BleepingComputer. "We are working with the third party that maintains the platform to lead a forensic investigation."
The university reported the incident to the UK's Information Commissioner's Office and Action Fraud. It has not publicly attributed the attack to any specific group.
ShinyHunters Claims Responsibility
The ShinyHunters extortion gang claimed responsibility on Tuesday, posting proof to their dark web leak site. The group says it stole over 40GB of documents from the university's systems.
According to ShinyHunters, the stolen data includes student finance records, billing and payment information, credit card details, and campus portal exports. The group also claims to have full names, home addresses, IP addresses, phone numbers, and dates of birth.
Breach notification service Have I Been Pwned analyzed the leaked data and confirmed the scope. The service found the breach contains email addresses, names, addresses, phone numbers, ethnicities, disability information, passport numbers, academic enrollment details, and fee payment records.
Part of a Larger PeopleSoft Campaign
This attack is not isolated. BleepingComputer reports that ShinyHunters has breached over 100 organizations worldwide through their Oracle PeopleSoft instances. PeopleSoft is enterprise software used to manage HR, finance, payroll, supply chains, and campus administration.
ShinyHunters told BleepingComputer they are using a "gadget chain" combining zero-day vulnerabilities with older exploits. The group noted the attack does not work on all systems. Success depends on each PeopleSoft instance's specific configuration.
Universities are particularly attractive targets for extortion groups. They maintain vast repositories of personal data, often on legacy systems with inconsistent security practices. A Russell Group institution like Nottingham holds decades of student records.
Student Reactions and Concerns
On Reddit's r/nottingham and r/UniversityofNottingham, students expressed anxiety about identity theft. Many called for clearer communication about what specific data types were stolen and whether compensation would be offered.
The timing compounds the disruption. The breach hit during the university's critical exam marking period, adding operational chaos to the data security crisis.
For affected students and alumni, the exposure of passport numbers is particularly concerning. Unlike passwords or even credit cards, a passport number cannot be easily changed. Combined with full names, dates of birth, and addresses, this data creates significant identity theft risk.
What Should Affected Students Do?
- Check Have I Been Pwned to confirm if your email appears in the breach
- Monitor bank and credit card statements for unauthorized charges
- Consider a credit freeze or fraud alert with UK credit bureaus (Experian, Equifax, TransUnion)
- Be alert for phishing attempts using your personal details
- If your passport number was exposed, contact the Passport Office about potential replacement
The University of Nottingham ranks in the UK's Top 20 and global Top 100. It employs 7,000 staff and enrolls over 46,000 students. The ICO investigation will determine whether the university met its data protection obligations under UK GDPR.
Logicity's Take
Another major data breach with significant regulatory consequences
Related coverage of enterprise software vulnerabilities being actively exploited
Frequently Asked Questions
How do I know if my data was in the Nottingham University breach?
Check Have I Been Pwned by entering your email address. The service has indexed the breach data and will confirm if your information appears.
What data did ShinyHunters steal from Nottingham University?
The breach includes names, email addresses, home addresses, phone numbers, dates of birth, ethnicities, disability information, passport numbers, academic records, and payment details.
Can I change my passport number if it was exposed?
Yes. Contact HM Passport Office to report the data breach. You may be able to request a replacement passport with a new number, though standard fees may apply.
Who is ShinyHunters?
ShinyHunters is an extortion gang known for large-scale data theft. They've previously targeted companies like Microsoft, Tokopedia, and Mashable. They typically steal data and threaten to publish it unless victims pay.
Were only current students affected?
No. The breach affects both current students and alumni. Have I Been Pwned confirmed 454,600 individuals were impacted, including former students whose records remained in the system.
Need Help Implementing This?
Source: BleepingComputer
Manaal Khan
Tech & Innovation Writer
Related Articles
Browse all
Kraken Crypto Exchange Extortion: Hackers Threaten to Leak Internal Videos After Insider Breach
Cryptocurrency exchange Kraken is being extorted by hackers who obtained videos of internal systems through bribed support employees. The company says no funds were compromised and refuses to pay, with only about 2,000 accounts affected. Kraken is working with federal law enforcement to prosecute everyone involved.
Windows 11 KB5083769 and KB5082052: April 2026 Patch Tuesday Brings Smart App Control Changes and Security Fixes
Microsoft's April 2026 Patch Tuesday updates are now live for Windows 11, bringing critical security patches alongside a welcome change to Smart App Control. You can finally toggle SAC on or off without wiping your entire system. The updates cover versions 23H2, 24H2, and 25H2.
Zero Trust Identity Security: 5 Ways This Framework Actually Stops Credential Theft
Stolen credentials caused 22% of breaches in 2025, making them the top attack vector. Zero Trust promises to fix this, but only when it's built around identity as the core principle. Here's how organizations can implement it properly.
Open Source PR Backlogs: Why Your GitHub Contribution Sits Unreviewed for a Year
A developer's Jellyfin pull request has been waiting over a year for merge despite two approvals, exposing a systemic crisis in open source maintenance. Queuing theory explains why backlogs grow exponentially, and 60% of maintainers have quit or considered quitting due to burnout.
Also Read
OpenAI Backs EU Transparency Code for AI Content
OpenAI has announced support for the European Commission's Code of Practice on Transparency of AI-Generated Content. The commitment builds on the company's provenance work since 2024 and comes 60 days before the EU AI Act becomes fully enforceable.
Ivanti Sentry Exploit Goes Live: Most Exposed Gateways Backdoored
A maximum severity vulnerability in Ivanti Sentry is being actively exploited just one day after patches were released. Shadowserver reports that most internet-exposed Sentry gateways are already compromised, with attackers gaining root access through trivial command injection.
South Korea Fines Coupang $409 Million for Data Breach
South Korea's privacy regulator hit e-commerce giant Coupang with a record 625 billion won fine after a former employee leaked data from 33 million customer accounts. The penalty marks the largest data breach fine in the country's history and highlights basic security failures rather than sophisticated hacking.