Cyber gangs access students' personal data in University of Nottingham hack

Cyber gangs access students' personal data in University of Nottingham hack The University of Nottingham has told students a 'significant' amount of data has been accessed in a major cyber-attack, reportedly carried out by a group called the Shinyhunters Students at one of the country's leading universities have been left exposed by a major cyber attack which could disrupt their exam marking. Pupils' personal and financial data could have been accessed at the University of Nottingham following the recent breach. Hackers gained access to the student's records system at the end of May, according to staff - potentially revealing their personal information. Financial details are also stored within the software, along with personal information like NI numbers and education history. In an email sent to students, chief governance and risk officer Jason Carter said it was possible data had been accessed by a "well-known cyber criminal group that has previously targeted a number of other organisations". Following the breach, the university took the system offline to conduct an investigation, resulting in disruption to exam marking, according to workers. In a statement, the university apologised to those affected for "any anxiety" caused by the attack. The Nottingham Post report that the data violation into the Campus Solutions platform by a group of cybercriminals, understood to be the Shinyhunters, was only detected on by staff Tuesday. A University of Nottingham spokesperson said: "The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group. "We are working with the third party that maintains the platform to lead a forensic investigation. "We understand that those affected will have concerns about what this means for their personal data and we will be offering advice and support to our students as we learn more. "We take the privacy and security of data that we hold seriously, and we have reported this incident to Action Fraud and the Information Commissioner’s Office. "The university will continue to provide them with further information as our investigation progresses." An email sent to impacted students by the university warned them to be vigilant on "unexpected or suspicious communication", particularly requesting financial information. In the email Jason Carter, the university's chief governance and risk officer, described the breach as a "serious incident", said he was "deeply sorry" and asked affected people to change passwords. Asked what information the Campus Solutions software stored, one staff member simply replied "everything" before adding "I would like to think a good, effective organisation would notice if a major thing like this happened. You'd hope it wouldn't take 10 days to notice." The employee added that he believed the data of thousands of people had been compromised. If problems with the hacked software continued into next week this would be "hugely disruptive" to exam marking, they added. The University of Nottingham said it had contacted the Information Commissioner's Office, which investigates data breaches, and the National Crime Agency said it was aware of the breach. “We are aware of an incident affecting the University of Nottingham and are working alongside partners to better understand the impact,” a NCA spokesperson said.