University of Nottingham Data Breach: 454,635 Accounts Compromised in ShinyHunters Leak
- Jun 11
- 2 min read
Key Findings
University of Nottingham suffered a significant data breach in June 2026 affecting approximately 454,635 accounts
Attack attributed to ShinyHunters group operating a "pay or leak" extortion campaign
Over 40GB of sensitive data stolen including student records from UK, China, and Malaysia campuses
Exposed data includes email addresses, names, addresses, phone numbers, passport numbers, National Insurance numbers, and financial records
Both current students and alumni affected by the incident
University took systems offline within 24 hours of detection
Background
The University of Nottingham discovered unauthorized access to its Campus Solutions network on Tuesday, June 9th, 2026. This system manages critical student records across multiple locations. The breach impacted not only the main UK campus but also extended to the university's operations in China and Malaysia. ShinyHunters, an established hacking group with a history of targeting multiple organizations, claimed responsibility and subsequently published the stolen data on dark web leak sites as part of their extortion scheme.
Scope of the Breach
The exposed dataset contained extensive personal information beyond simple contact details. Students and alumni found their full names, home addresses, postcodes, dates of birth, phone numbers, and email addresses compromised. More critically, the breach included National Insurance numbers used for UK tax and employment purposes, passport information, and complete billing and payment records. The university confirmed that student ID numbers, course enrollment information, and campus portal exports were all accessible to the attackers. Payment processing data and credit card details were also reportedly included in the stolen files.
Immediate Response and Investigation
Upon detecting the attack, the university moved quickly to contain the damage by taking affected systems offline within hours. University leadership engaged external authorities including Action Fraud and the Information Commissioner's Office to launch a formal investigation. The university established a dedicated support line at 0115 74 86500 to address student concerns and provide regular updates on the incident. Chief governance and risk officer Jason Carter communicated with students about the breach's nature and the perpetrators' history of targeting other organizations.
Complications During Crisis
The timing of this breach created additional complications for the university community. Simultaneously, the institution was managing significant staffing reductions, having notified 2,700 employees about potential redundancies as part of plans to cut over 600 full-time positions. This financial crisis had already prompted University and College Union members to boycott assessment work, refusing to mark exams and assignments. Students, particularly those in final year programs, faced a compounded crisis where degree grading uncertainty intersected with the exposure of their personal information online.
Sources
https://haveibeenpwned.com/Breach/UniversityOfNottingham
https://hackread.com/shinyhunters-university-of-nottingham-student-data-leak/
https://www.zeckermcdecker.com/cybersecurity/breaches/university-of-nottingham-454635-breached-accounts
https://x.com/haveibeenpwned/status/2064835481251291421

Comments