University of Nottingham suffers cyberattack, up to 40GB of data stolen

The University of Nottingham has confirmed a cyberattack on its student record system, resulting in a personal data breach that compromised a significant amount of data belonging to current and former students.

The ransomware group ShinyHunters has claimed responsibility, alleging it stole roughly 40GB of data, including student finance, billing, and payment records, and compromised the university's campuses in Malaysia and China. The breach notification service Have I Been Pwned subsequently added a 10GB leaked dataset to its database, revealing that around 454,600 unique university-related email addresses were exposed. The leaked information includes names, addresses, phone numbers, ethnicities, disabilities, passport numbers, academic enrolments, and fee payments.

The university has reported the incident to the Information Commissioner's Office (ICO), Action Fraud, and is working with a third-party provider to conduct a forensic investigation. Affected individuals are being contacted directly, and a dedicated support line has been established to provide advice.

Training announcement: Freevacy provides comprehensive training for new and existing practitioners on the changes introduced by the DUA Act to the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA18), and the Privacy and Electronic Communications Regulations 2003 (PEC-Regulations). Our courses are always up to date and provide a forum for learning and discussing how to ensure your data protection processes remain compliant. Find out more.