ShellCodeX Breach Report
University of Nottingham Data Breach
nottingham.ac.uk
Verified breach
Accounts exposed
454,635
Breach date
09 Jun 2026
Added to tracker
10 Jun 2026
Data classes
15
What happened
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
Exposed data
Academic records
Citizenship statuses
Dates of birth
Disabilities
Email addresses
Ethnicities
Genders
IP addresses
Names
Passport numbers
Phone numbers
Physical addresses
Purchases
Salutations
Usernames
Recommended actions
- Watch for targeted phishing emails referencing University of Nottingham โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP