University of Nottingham University of Nottingham
Cybercriminal group hacks University of Nottingham, accessing personal data of students and alumni, including contact and financial details, as officials investigate and warn those affected. University of Nottingham - via University of Nottingham YouTube account

Personal data belonging to current and former students at the University of Nottingham has been accessed after a well-known cyber criminal group hacked the institution's student records system, the university has confirmed.

The breach involves a "significant amount" of information held in the university's Campus Solutions student record platform, which includes data on both students and alumni.

University officials said they identified unauthorized activity on the system on Tuesday and swiftly took the affected systems offline while a forensic investigation began with the third-party platform provider, according to the BBC.

In emails sent to those affected, the university said its working assumption is that several categories of data were accessed, including contact details such as names, email addresses and postal addresses, alongside course information and student or staff ID numbers.

The university also warned that financial information, including billing and payment records, and other personal data such as National Insurance numbers and protected characteristics may have been compromised, although the exact scope is still being confirmed.

Cybersecurity reporting platform Dexpose separately reported that the ransomware group ShinyHunters has claimed responsibility for the attack, alleging it stole more than 40 GB of data from the University of Nottingham and its campuses in Malaysia and China.

According to the group's statement, the cache allegedly includes credit card and payment details, student finance data, home addresses, phone numbers, dates of birth, IP addresses and other internal campus records.

The University of Nottingham said it has reported the incident to Action Fraud and the UK Information Commissioner's Office and will continue to share updates with regulators as the investigation progresses.

A spokesperson said the institution is offering advice and support to those affected and urged students and alumni to monitor their financial accounts, watch for suspicious activity, and change passwords on any services that use the same credentials as university systems, as per Hello Rayo.

Topics Students, Cyber Attack