ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

University of Nottingham Data Breach

nottingham.ac.uk
Limited exposure
Verified breach
Accounts exposed 454,635
Breach date 09 Jun 2026
Added to tracker 10 Jun 2026
Data classes 15

What happened

In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".

Exposed data

Academic records Citizenship statuses Dates of birth Disabilities Email addresses Ethnicities Genders IP addresses Names Passport numbers Phone numbers Physical addresses Purchases Salutations Usernames

Recommended actions

  • Watch for targeted phishing emails referencing University of Nottingham โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP