
University of Nottingham Cyberattack Exposes Student Financial and Personal Data


Hackers accessed a significant amount of personal data belonging to University of Nottingham students and alumni, potentially including financial records, National Insurance numbers and protected characteristics.

The university detected unauthorized activity in its Campus Solutions student records system on Tuesday and took affected systems offline. It has contacted impacted individuals and reported the incident to Action Fraud, the Information Commissioner’s Office and other regulators.

Chief Governance and Risk Officer Jason Carter said the attackers were linked to a cybercriminal group that had previously targeted other organizations.

The university is working on the precautionary assumption that exposed data may include names, email and postal addresses, course information, university IDs, financial details and National Insurance numbers.


“We are working to understand the data that has been accessed and have contacted those students and alumni affected directly,” the university said.


The exact attack method has not been confirmed, but cybersecurity experts warned the incident could be part of a wider supply chain campaign.


Raluca Saceanu, CEO of Smarttech247, said inconsistent security standards across vendors can undermine even mature cybersecurity programs.


“We've seen this type of supply chain attack before. It's yet another example of how the best cybersecurity strategy in the world is worthless if partners up and down the chain aren't working to the same standards. The Salesloft Drift breach, where a single compromised integration exposed over 700 organisations, proves exactly this point. Most attackers don't discriminate: Nottingham is likely just the first tremor in a chain reaction of similarly affected businesses. In this environment, trust is critical. That's only possible if all parties react swiftly and effectively to the threat; if communications are open and intelligence is shared immediately; and if security in every organisation has a human face that's clearly following best practice and protocols. Without this, every part of the supply chain remains an island. And isolated victims are much easier to pick off.”


Lee Sult, chief investigator at Binalyze, said attackers frequently target shared technology because it can provide access to multiple organizations.


“If this is a supply chain attack, it’s another painful reminder that attackers love the path of least resistance. Why compromise a group of organisations separately when you can just do one and move laterally from there? It also makes it clear that nobody is exempt from being a target: if you use software, you’re in the firing line.”


“Initial reports suggest the attackers have stolen financial data and even National Insurance numbers. That can be used for devastating follow-on attacks should the data be shared among cybercriminal groups for scams and phishing attempts.”


Sult said a rapid forensic investigation will be critical to determining the full scope of the breach and helping affected students protect themselves.


“That’s why thorough, fast investigations are crucial to know exactly what happened, showing victims the right steps have been taken to mitigate impact, and getting the word out to all who may have been affected.”


Affected students and alumni should be alert for phishing messages, identity theft attempts and fraudulent communications referencing university records or financial information.
