Data breach | Ongoing

University of Nottingham student-records breach claimed by ShinyHunters (2026)

The University of Nottingham confirmed a cyber incident after the ShinyHunters extortion group claimed to have stolen around 40 GB of data from its student-records system, exposing roughly 455,000 email addresses along with names, passport numbers, and fee-payment details.

Victim: University of Nottingham
Records: 455.0K

On 11 June 2026, the University of Nottingham — a Russell Group university in the United Kingdom — confirmed it had suffered a cyber incident after the data-extortion group ShinyHunters claimed to have raided its student-records system. The group says it stole around 40 GB of data covering current students and alumni, and that it also compromised the university's Malaysia and China campuses.

What happened

ShinyHunters announced the attack on 9 June 2026, and the breach-notification service Have I Been Pwned subsequently indexed roughly 454,600 unique email addresses drawn from the leaked dataset. According to reporting on the published data, the exposed records included names, postal addresses, phone numbers, ethnicities, disability information, passport numbers, and details relating to academic enrolment and fee payments — an unusually sensitive combination for an education-sector breach.

The university confirmed that "a significant amount" of data in its student-records system had been accessed by a well-known cybercriminal group, and said it had reported the incident to Action Fraud and the UK's Information Commissioner's Office. The University of Nottingham Malaysia campus said separately that it was still assessing the impact on its own community.

Impact

  • Roughly 455,000 unique email addresses exposed; HIBP indexes about 454,600 affected accounts.
  • ShinyHunters claims to have exfiltrated around 40 GB of student and alumni data.
  • Exposed fields reportedly include names, addresses, phone numbers, ethnicities, disability data, passport numbers, and fee-payment records.
  • The group claims the university's Malaysia and China campuses were also affected.
  • Reported to Action Fraud and the Information Commissioner's Office; no ransom is known to have been paid.

Why it matters

Universities have become a favourite target for data-extortion crews because they hold dense, structured personal data on hundreds of thousands of people — and the Nottingham dataset, mixing passport numbers and disability information with contact details, is the kind of record that fuels identity fraud for years. The breach lands amid a broader ShinyHunters campaign against the higher-education sector in mid-2026, underscoring how attractive student-information systems have become to groups that monetise stolen data through direct extortion rather than encryption.

Timeline

  1. ShinyHunters announces the attack on the University of Nottingham and claims to have stolen around 40 GB of data.

  2. The university confirms a cyber incident affecting its student-records system; Have I Been Pwned indexes roughly 454,600 affected email addresses.

Sources

  1. therecord.media: https://therecord.media/university-of-nottingham-cyber-incident-shiny-hunters
  2. theregister.com: https://www.theregister.com/cyber-crime/2026/06/11/shinyhunters-raids-nottingham-uni-for-student-alumni-data/5253961
  3. computing.co.uk: https://www.computing.co.uk/news/2026/security/significant-amount-of-data-stolen-in-nottingham-university-cyberattack
  4. westbridgfordwire.com: https://westbridgfordwire.com/university-of-nottingham-warns-personal-data-may-have-been-exposed-in-cyber-incident/
  5. freemalaysiatoday.com: https://www.freemalaysiatoday.com/category/nation/2026/06/11/university-of-nottingham-malaysia-still-assessing-impact-of-cyberattack

Related incidents

Data breach | Ransom paid

Instructure Canvas LMS ShinyHunters breach (2026)

ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.

Victim: Instructure (Canvas LMS)
Loss: $10.0M
Records: 275.0M