
Nottingham University data breach hits 450,000 students

Summary

– A hacking group breached the University of Nottingham’s student records system, exposing a “significant amount of data” from current students and alumni.
– The ShinyHunters extortion gang claimed responsibility, posting over 40GB of stolen documents on their dark web leak site.
– The breach affects 454,600 individuals, with leaked data including names, addresses, phone numbers, passport numbers, and financial information.
– The attack is part of a wider ShinyHunters campaign targeting Oracle PeopleSoft instances at more than 100 organizations worldwide.
– The university reported the incident to the UK’s Information Commissioner’s Office and Action Fraud, and is working with a third party on a forensic investigation.

The University of Nottingham has confirmed a major data breach affecting approximately 450,000 current students and alumni, after a hacking group accessed its student records system. The incident, disclosed on Wednesday, has been reported to the UK’s Information Commissioner’s Office (ICO).

As a leading public research university with over 46,000 students and 7,000 staff, Nottingham ranks among the Top 20 institutions in the UK and the Top 100 globally. In an emailed statement to BleepingComputer, the university acknowledged that a “significant amount of data” was exposed. “The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group,” the statement read. “We are working with the third party that maintains the platform to lead a forensic investigation.”

The university emphasized its commitment to data security, adding, “We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner’s Office.”

While the university has not officially attributed the attack, the ShinyHunters extortion gang claimed responsibility on Tuesday. The group posted an archive of allegedly stolen documents on their dark web leak site as proof of the breach. According to the cybercriminals, they exfiltrated over 40GB of data from the University of Nottingham and its campuses in Malaysia and China. The stolen information reportedly includes student finance records, billing and payment details, credit card numbers, and campus portal exports.

ShinyHunters further stated that the compromised data contains full names, home addresses, IP addresses, phone numbers, and dates of birth. After analyzing the leaked materials, breach notification service Have I Been Pwned confirmed on Wednesday that the breach impacts 454,600 individuals, both former and current students. The exposed data includes email addresses and extensive personal information, such as names, addresses, phone numbers, ethnicities, disabilities, and passport numbers, as well as details related to academic enrollments and fee payments.

This attack is part of a broader campaign by ShinyHunters targeting Oracle PeopleSoft instances. As BleepingComputer first reported, the gang has stolen data from over 100 organizations worldwide by breaching both cloud-based and on-premises PeopleSoft systems. PeopleSoft is an enterprise software suite used for managing human resources, finance, payroll, supply chain, procurement, and campus administration.

ShinyHunters told BleepingComputer that they exploit a “gadget chain” of zero-day vulnerabilities and older flaws in these attacks. However, they noted that the method does not work on all systems, likely because successful exploitation depends on each instance’s configuration. BleepingComputer has contacted Oracle for comment on whether the company is aware of an actively exploited PeopleSoft zero-day, but has not yet received a response.

Nottingham University is the second UK institution to disclose a data breach in recent days. Last week, the University of Oxford revealed that its CareerConnect career services platform was compromised on May 28. Oxford also reported a separate breach in early May, linked to ShinyHunters’ intrusion into Instructure’s Canvas learning management system (LMS).

(Source: BleepingComputer)
