Nottingham University cyber attack: Everything we know so far as ShinyHunters claims responsibility

Data belonging to around 450,000 present and former Nottingham University students has been compromised in an attack claimed by the ShinyHunters ransomware group.

The data is believed to include contact information, including names, email and postal addresses, course information, student and staff IDs, financial information, and national insurance numbers.

The university said that when the incident was detected, it immediately took the affected systems offline.

"We are working to understand the data that has been accessed and have contacted those students and alumni affected directly. We are working closely with Action Fraud, the Information Commissioner’s Office, and other regulatory bodies," it said in a statement.

Latest Videos From

Watch full video here:

"We will remain in contact with those directly impacted and will continue to provide updates as the situation develops."

ShinyHunters claims responsibility

The attack has been claimed by the ShinyHunters gang, which said on its dark web leak site that it had accessed more than 40GB of data relating to students at the university's Malaysia and China campuses, as well as the main Nottingham campus itself.

The group said it wasn't bluffing and that 'the inevitable' would happen if a ransom wasn't paid – something that the government prohibits universities from doing.

This is the latest in a string of attacks against the higher education sector, which is often seen as a soft target.

"One thing we can say for certain is that the higher education sector is at increased risk of attack today and it is vital these organizations take steps to improve their defenses. Universities are highly valuable to an array of attackers, some looking to steal IP or research, or others looking to monetise on data," said Keven Knight, CEO of Talion.

"The sector needs to recognise these risks and take urgent action to improve the defences of their environments, either through their own internal resources, or by partnering with security experts that specialise in the sector."

University criticized for response

The university has come in for criticism over the way it has handled the breach, particularly with regard to the timeframe.

"Most concerning is the claim that attackers remained undetected in the University of Nottingham’s systems for over a week, giving them ample opportunity to access additional data or move laterally through the network," said Adam Boynton, senior enterprise strategy manager at Jamf.

Brian Higgins, security specialist at Comparitech, suggested the university failed to give students as much information as it should.

"Apart from reporting it to the Information Commissioner’s Office, who can’t actually do anything about it, and reassuring themselves that they take security seriously, at this stage there is more information coming from Have I Been Pwned and ShinyHunters themselves about what’s going on," he said.

"Users, customers and learners deserve better from those entrusted with their data in our current digital society. A few press statement platitudes are useless when all of your information is for sale on the dark web because somebody else leaked it there."

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.