**The University of Nottingham** announced on Wednesday that a cybercriminal group successfully gained unauthorized access to its student records system. The breach has impacted both current students and alumni, exposing a “significant amount of data.” The university, a prominent public research institution with over 46,000 students, has reported the incident to the UK’s **Information Commissioner’s Office** and **Action Fraud**. While the university did not name the perpetrators, the **ShinyHunters** extortion gang publicly claimed responsibility on Tuesday. They shared an archive of allegedly stolen documents as proof on their dark web leak site. ### Data Exfiltration Details **ShinyHunters** asserts to have exfiltrated over 40GB of documents from the **University of Nottingham**, including its Malaysia and China campuses. The stolen data reportedly includes: * Student finance data * Billing and payment information * Credit card and payment details * Campus portal exports * Full names, home addresses, IP addresses, phone numbers, and dates of birth  Breach notification service **Have I Been Pwned** confirmed the scale of the incident, stating that 454,600 former and current students are affected. Their analysis indicates that the exposed information includes email addresses, extensive personal details (names, addresses, phone numbers, ethnicities, disabilities), passport numbers, and data related to academic enrollments and fee payments. ### Broader PeopleSoft Campaign This attack on the **University of Nottingham** is not an isolated event. It is part of a widespread data theft campaign by **ShinyHunters** targeting over 100 organizations globally. The group has been exploiting vulnerabilities in cloud and on-premises instances of **Oracle PeopleSoft**, an enterprise business software suite used for managing large-scale operations across various sectors, including human resources, finance, and campus administration. **ShinyHunters** informed BleepingComputer that they are leveraging a “gadget chain” comprising both zero-day and older vulnerabilities in these attacks. They noted that the exploit’s success varies, likely depending on the specific configuration of each **PeopleSoft** instance. This incident marks the second UK university to disclose a data breach in recent days. The **University of Oxford** recently revealed a compromise of its **CareerConnect** career services platform on May 28. Earlier in May, **Oxford University** also reported a second data breach following **ShinyHunters**' attack on **Instructure’s Canvas** learning management system (LMS).