Nottingham University breach hits 454,600 students

The University of Nottingham confirmed a cyber incident in which a hacking group accessed its student records system, exposing data on more than 454,600 current and former students.

A significant amount of data was accessed. The university told BleepingComputer in an emailed statement that the breach has been reported to the UK's Information Commissioner's Office and Action Fraud. It described the incident as involving a well-known cybercriminal group that gained access to its student record system.

The university added that it is working with the third party that maintains the platform to lead a forensic investigation. It stated that it takes the privacy and security of data it holds seriously.

ShinyHunters claimed responsibility for the theft. The extortion gang posted on its dark web leak site on Tuesday, one day before the university's confirmation, and shared an archive of allegedly stolen documents as proof. It claimed to have taken over 40GB of documents containing student finance data, billing and payment information, credit card and payment details, and campus portal exports from the University of Nottingham and its Malaysia and China campuses.

ShinyHunters also stated that the stolen documents contain the affected students' full names, home addresses, IP addresses, phone numbers, and dates of birth.

Have I Been Pwned quantified the impact. After analyzing the leaked data, the breach notification service said on Wednesday that the incident affects 454,600 former and current students. The exposed information includes email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments.

The attack forms part of a broader ShinyHunters campaign. The group has stolen data from over 100 organizations worldwide after breaching their cloud and on-premises Oracle PeopleSoft instances. PeopleSoft is an enterprise business software suite used to manage large-scale operations such as human resources, finance, payroll, supply chain, procurement, and campus administration.

ShinyHunters told BleepingComputer that they are using a "gadget chain" of zero-days and old vulnerabilities in the attacks. The group added that the attack is not working on all systems, likely because successful exploitation depends on each instance's configuration.

BleepingComputer has reached out to Oracle to confirm whether the company is aware of an actively exploited PeopleSoft zero-day but has not yet received a reply.

Nottingham is the latest UK university targeted. It is the second UK university to have disclosed a data breach in recent days. The University of Oxford revealed last week that its CareerConnect career services platform had been compromised on May 28, following an earlier breach of Instructure's Canvas learning management system in early May.