University of Nottingham Data Breach

Leading data breach lawyers say that the recent announcement by the University of Nottingham that a well-known cyber criminal group have accessed a "significant amount" of personal data of current students and alumni held by the University is likely to be worrying to those affected and may lead to substantial claims for compensation.

In an email sent out to affected students and alumni on 10^th June 2026, the University of Nottingham confirmed that their Campus Solutions student records platform had been unlawfully accessed.  It added:

“While our investigation is ongoing, we are operating on the precautionary assumption that the following data may have been accessed:

•           Contact information (names, email and postal addresses)

•           University-related details (course information, student/staff ID)

•           Financial information (where stored within the system)”

The University also stated that they had formally reported this incident to the Information Commissioner’s Office and Action Fraud.  They confirmed that their investigations were continuing to verify the exact scope of the data accessed and that they would provide further updates in due course. They confirmed that information held about those affected since their graduation has not been impacted, as this is held in a separate system.

ShinyHunters, a notorious cyber criminal hacker and extortion group, have claimed responsibility for the attack and posted information on their dark web site of allegedly stolen documents as proof.  It claimed to have stolen around 40 GB of data, including “billing and payment records, credit card and payment details, student finance data".

After analysing the leaked data, breach notification service Have I Been Pwned have reported that the data breach affects 454,600 former and current students.

In the meantime, the University have urged those affected to take the following precautions:

“•         Monitor your accounts: Be vigilant regarding any unexpected or suspicious communication – especially those requesting financial information or credentials.

•           Update credentials:  As a proactive measurement, update passwords for any accounts that share credentials with any university systems that you have previously used.

•           Stay informed:  We have established a dedicated support line at +44 (0)115 748 6500.”

Sean Humber, a data breach specialist and partner at Leigh Day, who has successfully acted in a series of claims relating to the unauthorised disclosure of confidential information over the last 20 years, stated:

“As details slowly emerge, it is increasingly clear that this is a very serious data breach and that this is likely to be an uncertain and worrying time for those affected.  The University now need to urgently establish precisely who has been affected, what personal information has been accessed and who now has access to it.” 

Gene Matthews, a partner at Leigh Day, who has successfully acted in a succession of group claims over the last 20 years, added:

“As part of its investigation, it is essential that the Information Commissioner’s Office clarify how criminals were able to access the Campus Solutions student records platform in the first place and assess the adequacy or otherwise of the security measures in place.  If it turns out that the security measures were inadequate, those affected are likely to be entitled to compensation for the distress and anxiety caused by the breach as well as any financial losses that they may have suffered.”

If you have been affected by this data breach and wish to receive further information, in complete confidence and without any obligation, about bringing a claim for compensation on a “no win, no fee” basis then please get in touch by completing our form

Information was correct at time of publishing. See terms and conditions for further details.