ShinyHunters Leak 40GB of University of Nottingham Student Data

Summary

The University of Nottingham has confirmed a data breach impacting approximately 450,000 students and staff records, including personal and financial information. The notorious ShinyHunters group allegedly leaked 40GB of data from the university's Campus Solutions network, affecting its China and Malaysia campuses. An investigation is underway with assistance from UK authorities.

Full text

Data Breaches Leaks SecurityShinyHunters Leak 40GB of University of Nottingham Student Data ShinyHunters hackers leak 40GB of University of Nottingham personal and financial data, allegedly impacting 450,000 students and staff records. byDeeba AhmedJune 11, 20262 minute read The University of Nottingham is the newest victim of the infamous ShinyHunters hacking group. On Wednesday, the university released a statement confirming that unauthorised individuals gained access to its Campus Solutions network- a system used to manage student records. Reportedly, the breach impacted data from the university’s China and Malaysia campuses, too, and this exposure impacts both current students and alumni. Immediate Response After detecting the attack on Tuesday, 9th June, the university immediately took the affected systems offline to contain the impact. While the university didn’t publicly name the perpetrators, its chief governance and risk officer, Jason Carter, stated in an internal email to students that the hackers had previously targeted a number of other organisations. An investigation is also launched with assistance from Action Fraud and the Information Commissioner’s Office. A dedicated support line is set up by the university at 0115 74 86500 to handle student inquiries and provide updates. What is the scope of the breach? In its official statement, the university admitted that a “significant amount” of its student record system data was accessed “by an external third party.” Also, it confirmed the exposed data includes contact details, student ID numbers, course information, and National Insurance numbers, which are unique numbers used in the UK for tax and employment tracking. However, before this statement, ShinyHunters had already published the alleged stolen data on their dark web leak site. Independent data breach monitoring services analysed the data and confirmed verifying around 455,000 unique email addresses along with extensive personal details. According to the ShinyHunter’s public post on their extortion site, they have stolen more than 40GB of data as part of their “pay or leak” extortion campaign. This includes “billing and payment records, credit card and payment details, student finance data, and campus portal exports from the University of Nottingham and its Malaysia and China campuses.” Additionally, the group alleges stealing “payer contact information, transaction amounts, IP addresses, full names, home addresses, postcodes, email addresses, phone numbers, dates of birth, and other internal campus data” as well. Screenshot credit Hackread.com Wrong Timing This incident’s timing is crucial since the university is already dealing with a labour dispute after notifying 2,700 staff members (a third of its workforce) about their probable redundancy over financial challenges, with the aim of cutting 600+ full-time jobs over the next three years. In response, the University and College Union members started an assessment boycott. They have refused to mark exams and assignments. Students, especially those in the final year, are the most affected in this situation as they have to face complications arising from the data leak and the boycott. Many students were already anxious about how their degrees would be graded, and this incident has added an angle of vulnerability, as their personal details were exposed online. (Photo by Alicja Ziaj on Unsplash) Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts Cyber AttackCyber CrimeCybersecurityEducationPrivacyShinyHuntersUnited KingdomUniversity of Nottingham Leave a Reply Cancel reply View Comments (0) Related Posts Security New Ticketbleed Vulnerability Bleeds Like Old Heartbleed.. Literally Filippo Valsorda, a researcher from Cloudflare, recently discovered a bug in F5’s BIG-IP Networks. The flaw has been dubbed as Ticketbleed, keeping… byUzair Amir Cyber Crime Malware Scams and Fraud Security Point-of-sale Systems Targeted By New PoSeidon Malware Beware all you retailers, a new Trojan program dubbed as PoSeidon targets point-of-sale or PoS terminals and can… byWaqas Read More Security Malware Scams and Fraud Fake CleanMyMac Site Uses ClickFix Trick to Install SHub Stealer on macOS Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets. byWaqas Read More Security This Website is Selling Billions of Private Messages of Discord Users Millions of Discord messages sold online! Protect yourself from leaked usernames, photos & financial details. Learn how to secure your Discord account. byDeeba Ahmed

Entities