The University of Nottingham has confirmed that a cyberattack on its student records system exposed data belonging to more than 450,000 current and former students, making it one of the largest higher education data breaches reported in the UK this year.
The university disclosed the incident after identifying unauthorized activity within its Campus Solutions student records platform. Following the discovery, the affected system was taken offline while investigators began examining what information may have been accessed.
According to notifications sent to affected individuals, the university is operating on the assumption that a significant amount of personal information may have been compromised. The potentially exposed data includes names, postal addresses, email addresses, phone numbers, national insurance numbers, student and staff identification details, course information, protected characteristic data, and financial information stored within the system.
University officials said both current students and alumni were affected. All impacted individuals have been contacted directly while the institution works to determine the full scope of the breach.
The university has not publicly confirmed how the attackers gained access to the system. However, in communications reviewed by multiple outlets, university officials said the incident is believed to be linked to a “well-known cybercriminal group” that has previously targeted other organizations. A forensic investigation is currently being conducted by an external cybersecurity firm.
Separately, the ShinyHunters cybercrime group has claimed responsibility for the attack. The group alleges it obtained more than 40GB of data, including student finance records, payment information, billing data, campus portal exports, and information related to the university’s campuses in the UK, Malaysia, and China. These claims originate from the attackers and have not been independently verified by the university.
The University of Nottingham said it is continuing to analyze the compromised data and is working with Action Fraud, the Information Commissioner’s Office, and other regulatory authorities. The Information Commissioner’s Office confirmed it has received a report about the incident and is assessing the information provided.
While the investigation remains ongoing, the university has warned affected students and alumni that personal and financial information may have been accessed and said it will continue providing updates as more details become available.