Data Breach

University of Nottingham Data Breach June 2026 - What Was Exposed and What To Do

454,635 records exposed

The University of Nottingham data breach exposed 454,635 records including Academic records, Citizenship statuses, Dates of birth, Disabilities, Email addresses, Ethnicities, Genders, IP addresses, Names, Passport numbers, Phone numbers, Physical addresses, Purchases, Salutations, Usernames. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.

What Happened

In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".

Breach date
2026-06-09
Records affected
454,635
Verified
Yes
Domain
nottingham.ac.uk

What Was Exposed

The following data types were included in the breach:

  • Academic records
  • Citizenship statuses
  • Dates of birth
  • Disabilities
  • Email addresses
  • Ethnicities
  • Genders
  • IP addresses
  • Names
  • Passport numbers
  • Phone numbers
  • Physical addresses
  • Purchases
  • Salutations
  • Usernames

What You Should Do

If you had an account with University of Nottingham, take these steps immediately:

  1. Check if your account was affected at HaveIBeenPwned.com
  2. Watch for phishing emails that reference the breach or impersonate the affected company
  3. Be alert for social engineering attempts using your exposed personal information
  4. Enable two-factor authentication on the affected service if available
  5. Consider using a password manager to generate unique passwords for each service

FAQ

Was my data in the University of Nottingham breach?
Check HaveIBeenPwned.com to see if your email address was included in the University of Nottingham breach. The breach exposed 454,635 records containing Academic records, Citizenship statuses, Dates of birth, Disabilities, Email addresses, Ethnicities, Genders, IP addresses, Names, Passport numbers, Phone numbers, Physical addresses, Purchases, Salutations, Usernames.
What should I do if my data was exposed in the University of Nottingham breach?
Change your password on the affected service immediately. Enable two-factor authentication. If financial data or government IDs were exposed, place a fraud alert with credit bureaus and monitor your accounts for unauthorized activity.
When did the University of Nottingham data breach happen?
The University of Nottingham breach occurred on 2026-06-09. It was added to the HaveIBeenPwned database on 2026-06-10. The breach affected 454,635 accounts.

Need Incident Response?

Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.

Get Incident Response Help