University Of Nottingham Says Hackers Accessed Data For Students
The university of nottingham says hackers accessed a significant amount of personal student data from its record system. The breach reached current students and alumni, and the university says financial information was among the material exposed.
Jason Carter, the chief governance and risk officer, said the university identified unauthorised activity on its Campus Solutions system on Tuesday. He said it “immediately took the affected systems offline to contain the incident and launched a comprehensive investigation”.
Campus Solutions and student records
The university believes the attackers came from a well-known cyber criminal group that had “previously targeted a number of other organisations”. That detail matters because the incident is not being treated as a one-off probe of a single system, but as part of a pattern the university says it already recognises.
The university said it was operating on the precautionary assumption that four categories of information had been accessed. It has not publicly broken those categories out in the material provided here, but it did say the accessed data included financial information, which raises the stakes for anyone who used the system for tuition or other payment-related records.
Nottingham contacts students directly
The university said all affected students and alumni have since been contacted. It also said, “We are working to understand the data that has been accessed and have contacted those students and alumni affected directly”.
Carter told affected students, “We are working to verify the exact scope of the data accessed and will provide further updates as our investigation confirms these details,” and the university added, “We will remain in contact with those directly impacted and will continue to provide updates as the situation develops.”
Action Fraud and the ICO
The university reported the incident to the Information Commissioner’s Office and said it was working closely with Action Fraud, the Information Commissioner’s Office, and other regulatory bodies. For students and alumni, that means the breach has moved beyond an internal IT problem and into a formal regulatory process.
The timing adds pressure. The cyber-attack came after the university told 2,700 staff that they were at risk of redundancy, and after it proposed cutting 609 of its 7,363 full-time equivalent roles over the next three years. Staff then began a boycott of marking and assessments, and the University and College Union said that boycott would effectively block the university from handing out graduation certificates.
For anyone affected by the data access, the practical step is to watch for the university’s follow-up messages and treat any request involving personal or financial details with caution, because the institution itself says the exact scope is still being worked through.
