What Happened
In June 2026, the University of Nottingham (nottingham.ac.uk) disclosed that the ShinyHunters cybercriminal group had breached its student records system, in an attack discovered around 10 June 2026, compromising data for roughly 454,000–455,000 current and former students across its UK, Malaysia, and China campuses. The attackers claimed to have stolen over 40 GB of data, including student finance data, billing and payment information, credit card and other payment details, and campus portal exports. Analysis of the leaked files by Have I Been Pwned and reported by multiple outlets found that exposed records contained email addresses, full names, home addresses, phone numbers, dates of birth, ethnicities, disabilities, passport numbers, and information on academic enrolments, citizenship status, and fee payments, creating significant identity and financial fraud risk for affected individuals.
