The University of Nottingham has confirmed that a cybercriminal group gained access to its student records system, exposing data belonging to both current students and alumni.
The University of Nottingham is a public research university in the United Kingdom with around 7,000 staff and more than 46,000 students. It is ranked among the top 20 universities in the UK and the top 100 worldwide.
In a statement to BleepingComputer, the university said the incident involved a “significant amount of data” from its student record system. The breach has been reported to the UK’s Information Commissioner’s Office and Action Fraud.
“The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group,” the university said. It added that it is working with the third party responsible for maintaining the platform to carry out a forensic investigation.
The university has not officially named the attackers, but the ShinyHunters extortion group claimed responsibility for the breach on Tuesday. The group also shared an archive of allegedly stolen documents on its dark web leak site as proof of the attack.
According to ShinyHunters, the stolen data includes more than 40GB of documents from the University of Nottingham and its Malaysia and China campuses. The group claims the files contain student finance records, billing and payment details, credit card information, payment data, and campus portal exports.
The attackers also claimed that the documents include students’ full names, home addresses, IP addresses, phone numbers, and dates of birth.
After reviewing the leaked data, breach notification service Have I Been Pwned said the breach affects 454,600 current and former students. The exposed information reportedly includes email addresses, names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and details related to academic enrolments and fee payments.
The attack is believed to be part of a broader data theft campaign linked to ShinyHunters. The group has allegedly stolen data from more than 100 organizations worldwide after breaching cloud and on-premises Oracle PeopleSoft systems.
PeopleSoft is an enterprise software platform used by large organizations to manage operations such as human resources, finance, payroll, procurement, supply chain, and campus administration.
ShinyHunters told BleepingComputer that the group is using a “gadget chain” involving zero-day flaws and older vulnerabilities to carry out the attacks. The attackers said the method does not work on every system, suggesting that successful exploitation depends on how each PeopleSoft instance is configured.
BleepingComputer has contacted Oracle to ask whether the company is aware of an actively exploited PeopleSoft zero-day vulnerability, but Oracle has not yet responded.
The University of Nottingham is the second UK university to disclose a data breach in recent days. Last week, the University of Oxford confirmed that its CareerConnect career services platform had been compromised on May 28.
Oxford also disclosed another breach in early May after ShinyHunters targeted Instructure’s Canvas learning management system.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
University Of Nottingham Confirms Student Data Breach After Hackers Access Records System
