ShinyHunters Steal 40GB From University of Nottingham, Exposing 454,600 Students
The University of Nottingham confirmed a cyber incident in its student record system on June 11, 2026. The ShinyHunters gang claims 40GB of data on 454,600 current and former students, including passport numbers, financial records, and campus portal exports. The records came from an Oracle PeopleSoft system breached in a wider campaign against 100-plus organizations.
VaultTools · June 13, 2026
Table of Contents
- What happened
- What was exposed
- How it happened
- The disclosure timeline
- Why this matters for browser-based file tools
- Sources
What Happened
The University of Nottingham confirmed it was the victim of a cyber incident after the extortion group ShinyHunters claimed to have stolen data from its student record system. In a statement quoted by The Register, the university said: “The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group.”
According to BleepingComputer, the breach affects 454,600 current and former students. Have I Been Pwned, which loaded the leaked dataset, recorded 455,000 unique email addresses. ShinyHunters claimed the haul totals “over 40GB of documents,” and the gang said it also pulled records from the university’s Malaysia and China campuses, so both current students and alumni are caught up in it.
What Was Exposed
This was not a list of names and emails. According to BleepingComputer and The Register, the compromised fields include:
- Full names, home addresses, and postcodes
- Phone numbers, email addresses, and IP addresses
- Dates of birth
- Passport numbers
- Ethnicities and disability information
- Academic enrollment records and fee payment details
- Student finance data, billing and payment records, and credit card details
- Campus portal exports
That is a near-complete identity dossier on nearly half a million people. The mix of passport numbers, dates of birth, home addresses, and payment details is precisely what is needed to commit identity fraud or run convincing targeted phishing against students and graduates.
How It Happened
The Register reports the stolen records came from an Oracle PeopleSoft student records system. The Nottingham theft is one node in a much larger ShinyHunters campaign: the group has hit more than 100 organizations globally by exploiting PeopleSoft, using what BleepingComputer describes as “a gadget chain of zero-days and old vulnerabilities” to reach data held in these enterprise systems.
The common thread is concentration. A single student records platform held the names, identity documents, and financial details of 454,600 people in one place, and one intrusion into that platform exposed all of it at once.
The Disclosure Timeline
- June 9, 2026: The university detects the attack and takes the affected systems offline to contain it, according to IT Pro.
- June 10, 2026: ShinyHunters claims responsibility and the stolen dataset surfaces, as reported by The Register and BleepingComputer.
- June 11, 2026: The University of Nottingham publicly confirms the cyber incident and reports it to Action Fraud and the Information Commissioner’s Office.
The university says it is working with the ICO and other regulators, but for the affected students the exposed passport numbers and dates of birth cannot be reissued or reset.
Why This Matters for Browser-Based File Tools
The detail that should give everyone pause is “40GB of documents” and “campus portal exports.” Those are files: scanned IDs, finance paperwork, and bulk data dumps, all collected, uploaded, and parked inside one internet-facing system. Once an attacker is inside that system, every document in it leaves at once.
VaultTools is built to remove that failure mode for the files you control. Every tool here runs client-side, in your browser, compiled to WebAssembly. When you compress a PDF, strip EXIF data from a photo, redact a scan, or convert a document, the bytes never leave your device. There is no upload, no server-side copy, and no central archive that can be exfiltrated in a 40GB dump months later.
You cannot personally fix how a university stores its records. But for your own documents, the safest architecture is the simplest one: a file that never leaves the device cannot be in the next breach. Every copy you hand to a third-party server is a copy you can no longer protect.
Sources
- ShinyHunters raids Nottingham Uni for student, alumni data (The Register, June 11, 2026)
- Nottingham University data breach affects over 450,000 students (BleepingComputer, June 2026)
- University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft (The Record, June 2026)
- ShinyHunters Leak 40GB of University of Nottingham Student Data (Hackread, June 2026)
- Nottingham University cyber attack: Everything we know so far (IT Pro, June 2026)