Back

ShinyHunters Claim Cyberattack on University of Nottingham Exposing 455K Records

Severity: High (Score: 66.0)

Sources: Theregister, www.nottingham.ac.uk, Therecord.Media, Computing

Published: 2026-06-11 · Updated: 2026-06-11

Keywords: university, nottingham, claims, data, student, after, shinyhunters

Severity indicators: data theft, ot, university, cyber incident

Summary

The University of Nottingham confirmed a cyberattack on its student record system, attributed to the ShinyHunters group. They claimed to have stolen approximately 40 GB of data, including sensitive information such as billing records, credit card details, and personal data of around 455,000 individuals. The breach affects both current students and alumni, including those from the university's campuses in Malaysia and China. The university has reported the incident to Action Fraud and the Information Commissioner's Office and is actively investigating the breach. Affected individuals have been contacted directly, and a dedicated support line has been established. The attack coincides with ongoing industrial action by university staff, potentially complicating the situation for students awaiting their degree classifications. Key Points: • ShinyHunters claimed responsibility for a cyberattack on the University of Nottingham. • Approximately 40 GB of sensitive data, including 455,000 email addresses, was stolen. • The university is investigating the breach and has contacted affected students and alumni.

Detailed Analysis

**Impact** Approximately 455,000 unique email addresses associated with the University of Nottingham were exposed, affecting current students, alumni, and potentially individuals at the Malaysia and China campuses. The breach involved around 40 GB of data, including billing and payment records, credit card details, student finance data, passport numbers, and academic enrollment information. The incident disrupts university operations amid ongoing staff industrial action, potentially delaying student grading and degree classifications. The breach also coincides with other cyber incidents in UK educational institutions. **Technical Details** ShinyHunters claimed responsibility for the attack, stating they accessed the university’s student record system and exfiltrated tens of gigabytes of data. Specific attack vectors, malware, exploited vulnerabilities, or infrastructure details were not disclosed in the available information. The breach appears to have involved unauthorized access to databases containing sensitive personal and financial data. No IOCs or CVEs were reported. **Recommended Response** Defenders should monitor for unauthorized access attempts targeting student record systems and databases containing personal and financial information. Immediate notification and support to affected individuals are critical, as the university has initiated. Organizations in the education sector should review access controls, enhance monitoring for data exfiltration, and coordinate with law enforcement and regulatory bodies. No specific patches or detection signatures were provided.

Source articles (4)

  • Nottingham Uni says student records raided after ShinyHunters claims cyberattack — Theregister · 2026-06-11
    Crooks claim 40 GB haul as breach database pegs number of exposed email addresses at 455K The University of Nottingham has confirmed a cyberattack on its student record system after the ShinyHunters c…
  • 'Significant amount' of data stolen in Nottingham University cyberattack — Computing · 2026-06-11
    The University of Nottingham has warned current students and alumni that a third-party has accessed “a significant amount of data” in its student record system. The attack apparently started on Tuesda…
  • University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft — Therecord.Media · 2026-06-11
    According to the university’s statement, it is still working to understand what data has been accessed and said it had already directly contacted affected students and alumni, potentially including th…
  • Student And Alumni Data Has Been Compromised In A Data Security Incident — www.nottingham.ac.uk · 2026-06-11

Timeline

  • 2026-06-11 — University confirms cyberattack: The University of Nottingham acknowledged a cyber incident affecting its student record system, revealing data access by ShinyHunters.
  • 2026-06-11 — ShinyHunters claims data theft: The cybercriminal group claimed to have stolen around 40 GB of data, including personal and financial information.
  • 2026-06-11 — Breach notification service updates database: Have I Been Pwned added the leaked dataset, noting around 454,600 university-related email addresses were included.
  • 2026-06-11 — University sets up support line: The University of Nottingham established a dedicated support line for affected students and alumni following the breach.

Related entities

  • Shiny Hunters (Apt Group)
  • Data Breach (Attack Type)
  • Malware (Attack Type)
  • Canvas (Tool)
  • Great Marlow School (Company)
  • Harvard University (Company)
  • University Of Nottingham (Company)
  • Education (Company)
  • China (Country)
  • Malaysia (Country)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
  • NottinghamHub (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed