Crooks claim 40 GB haul as breach database pegs number of exposed email addresses at 455K
The University of Nottingham has confirmed a cyberattack on its student record system after the ShinyHunters crew claimed to have stolen tens of gigabytes of data from the Russell Group institution.
“The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group,” a spokesperson told The Register.
“We are working with the third party that maintains the platform to lead a forensic investigation. We understand that those affected will have concerns about what this means for their personal data and we will be offering advice and support to our students as we learn more.
“We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner’s Office. The university will continue to provide them with further information as our investigation progresses.”
ShinyHunters claimed responsibility for the attack on Tuesday, saying they had stolen around 40 GB of the institution’s data. The group reckons this included billing and payment records, credit card and payment details, student finance data, and “campus portal exports.”
The criminal crew further claimed that the University of Nottingham’s Malaysia and China campuses were also compromised.
On Wednesday evening, breach notification service Have I Been Pwned added the 10 GB dataset leaked by ShinyHunters to its database, saying around 454,600 university-related email addresses were included.
“Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information, including names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and information relating to academic enrolments and fee payments,” HIBP stated.
Around the same time, the university acknowledged the attack publicly, saying it affected both current students and alumni.
Individuals believed to be affected have been contacted directly, and the university has stood up a dedicated support line.
The attack could hardly have come at a worse time for Nottingham, which is embroiled in a dispute with staff after confirming hundreds of redundancies over the next three years.
University employees, including teaching staff, have revolted, protesting against the decision by refusing to mark students’ assessments.
The University and College Union (UCU) entered a period of industrial action on June 1, saying it would not end until July 31. This includes a two-month strike and a boycott of marking duties, similar to action taken by staff in 2022 and 2023.
Students have just finished sitting their end-of-year exams, but potentially face having their degree classification decided by predictions based on prior grades, per the university’s contingency plans, if staff continue to refuse to carry out marking duties.
Alternatively, students can wait to receive their final results, but these will come later than their peers’ – not just at Nottingham but at other UK universities – and leave them at a time disadvantage when applying for graduate schemes and entry-level jobs.
UK education battered
The attack on the University of Nottingham comes amid a spate of other incidents affecting UK schools.
Powys council confirmed on June 4 that a cyberattack was affecting 13 schools in the Welsh county, and that data had been stolen from at least one of them.
Additionally, Great Marlow School in Buckinghamshire entered its second day of a shutdown today after a “suspected malware attack” on the school forced it into a containment phase.
Most students, other than those attending to take their GCSE and A-level exams, have been told to stay home, with teachers unable to set remote work.
Students should access what revision materials they can via the school’s Microsoft Teams network. ®