12/06/2026
The University of Nottingham has confirmed that a significant amount of personal data relating to current students and alumni has been accessed following a cyber attack on its student records system.
In a statement issued on 10 June 2026, the University said it had identified unauthorised activity within its Campus Solutions system and immediately took the affected systems offline while a comprehensive investigation was launched.
The University has confirmed that two groups have been affected by the incident: current students and alumni.
According to information provided directly to affected individuals, the University is currently working on the precautionary assumption that the following categories of information may have been accessed:
- Contact information, including names, email addresses and postal addresses;
- University-related information, including course details and student or staff identification numbers;
- Financial information;
- Personal information, including National Insurance numbers and certain protected characteristic data.
The University has stated that investigations remain ongoing and that work is continuing to verify the precise scope of the information accessed.
In communications sent to affected individuals, the University indicated that the attack is believed to have been carried out by a cybercriminal group that has previously targeted a number of organisations.
The incident has been reported to Action Fraud, the Information Commissioner’s Office (ICO) and other relevant regulatory bodies.
A spokesperson for the ICO confirmed that the University has notified the regulator and that the information provided is currently being assessed.
The University has apologised to those affected and established a dedicated support line while investigations continue.
Cyber incidents involving large organisations continue to demonstrate the importance of robust information security measures, incident response planning and transparent communication with individuals whose personal data may be affected.
Whilst investigations are still at an early stage, this incident serves as a reminder of the significant volumes of personal information held by universities and the importance of protecting that information throughout its lifecycle.
Individuals who have received notification from the University should remain alert to potential phishing attempts, unexpected communications and other fraudulent activity that may seek to exploit information obtained through the breach.
JH Data Protection Limited 
Leave a comment