University of Nottingham Cyber Attack Linked to ShinyHunters Campaign
Severity: High (Score: 69.0)
Sources: haveibeenpwned.com
Published: · Updated:
Keywords: university, nottingham, shinyhunters, leak, extortion, campaign, data
Severity indicators: ot, university
Summary
In June 2026, the University of Nottingham experienced a cyber attack attributed to the ShinyHunters 'pay or leak' extortion campaign. The breach resulted in the publication of tens of gigabytes of sensitive data, including 455,000 unique email addresses, names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and academic information. Both current students and alumni were affected by this incident. The university has urged individuals to change passwords and implement two-factor authentication for added security. This incident highlights the ongoing threat posed by cybercriminal groups targeting educational institutions. Key Points: • University of Nottingham suffered a significant data breach affecting 455,000 email addresses. • The breach is linked to the ShinyHunters extortion campaign, which demands payment to prevent data leaks. • Affected data includes extensive personal information of current students and alumni.
Detailed Analysis
**Impact** The University of Nottingham experienced a data breach affecting current students and alumni, resulting in the exposure of 455,000 unique email addresses and extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers, academic enrolment, and fee payment details. Separately, BCD Travel, a corporate travel management company, suffered a breach impacting 396,313 unique email addresses along with names, addresses, phone numbers, job titles, and employer names. Both incidents involved data leaks spanning education and corporate sectors, primarily affecting individuals in the UK and potentially other regions served by these organizations. **Technical Details** The attacks were linked to the ShinyHunters "pay or leak" extortion campaign, which involves data exfiltration followed by public release if ransom demands are unmet. Specific attack vectors, malware, exploited vulnerabilities, or infrastructure details were not disclosed in the provided sources. No indicators of compromise (IOCs) or CVEs exploited were mentioned. **Recommended Response** Organizations should enforce immediate password changes for affected accounts and implement multi-factor authentication (2FA) wherever possible. Use of password managers to generate and store strong, unique passwords is advised. Monitoring for unusual access patterns and potential follow-on phishing attempts targeting exposed individuals is recommended. No patching or specific detection rules were detailed in the reports.
Source articles (2)
- 396,313 unique email addresses have been leaked — haveibeenpwned.com · 2026-06-08
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently publish… - University Of Nottingham — haveibeenpwned.com · 2026-06-11
In June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published onl…
Timeline
- 2026-06-08 — BCD Travel data breach reported: BCD Travel was targeted by the ShinyHunters campaign, leaking 396,000 email addresses and other personal information.
- 2026-06-11 — University of Nottingham cyber attack disclosed: The University confirmed a cyber attack linked to ShinyHunters, affecting 455,000 unique email addresses and sensitive personal data.
Related entities
- Data Breach (Attack Type)
- Pay Or Leak Extortion Campaign (Campaign)
- ShinyHunters Pay Or Leak Extortion Campaign (Campaign)
- BCD Travel (Company)
- University Of Nottingham (Company)
- CWE-200 - Exposure of Sensitive Information (Cwe)
- T1567.002 - Exfiltration to Cloud Storage (Mitre Attack)
- T1567 - Exfiltration Over Web Service (Mitre Attack)