ShinyHunters has added the University of Nottingham to its data leak site, claiming to possess more than 40 GB of data allegedly stolen from the university and its campuses in Malaysia and China.
The threat actor claims the archive contains financial records, payment information, student finance data, campus portal exports, and other internal university information. The listing advertises a compressed archive exceeding 19 GB and was updated on June 10, 2026.
The University of Nottingham is a public research university headquartered in the United Kingdom with campuses spanning multiple countries and a student population of more than 50,000.
ShinyHunters alleges exposure of financial and student data
According to the leak site listing, the alleged dataset contains more than 40 GB of information originating from the University of Nottingham as well as its Malaysia and China campuses.
The threat actor claims the exposed data includes:
- Billing and payment records
- Credit card and payment information
- Student finance data
- Campus portal exports
- Payer contact information
- Transaction amounts
- IP addresses
- Full names
- Home addresses
- Postcodes
- Email addresses
- Phone numbers
- Dates of birth
- Additional internal campus data
The listing also references a downloadable archive and includes a SHA-256 checksum, suggesting the data has allegedly been packaged for distribution.
International campus claim remains unverified
The most notable aspect of the listing is its claim that the dataset includes information associated with multiple University of Nottingham campuses across different countries. However, no public evidence has been released that independently verifies the authenticity of the alleged data.
The posting does not disclose how access was allegedly obtained, when the purported intrusion occurred, or whether the information represents current university records.
Universities remain attractive targets for cybercriminal groups because they maintain large volumes of financial, personal, academic, and administrative information. Data involving payment systems and student financial records can present significant fraud and identity theft risks if exposed.
Recent education sector incidents covered by BreachNews include Evanston Township High School’s confirmed ransomware attack and the Canvas-related breach affecting schools across the United States, highlighting continued pressure on educational institutions.
University has not issued public statement
The University of Nottingham had not issued any public statement regarding the alleged breach at time of publication.
BreachNews will update this article if the university confirms the incident or provides additional information regarding the claims.
