The University of Nottingham said hackers accessed a significant amount of personal student data in a cyber-attack detected on Tuesday, forcing the university to take affected systems offline while it tries to work out exactly what was taken.
The breach is being searched now because the university has already begun contacting current students and alumni whose details may have been exposed, while also warning that financial information may be among the records accessed from its Campus Solutions system. Jason Carter said the university immediately moved to contain the incident and opened a comprehensive investigation, adding that it was still trying to verify the exact scope of the data accessed and would provide further updates as those details are confirmed.
For Abigail Maguire, the concern is not just that her records may have been taken, but how they could be used. She said she fears the university will rely on her earlier grades when it calculates her final degree result, even though she says that would not reflect the work she has done in her final year. That worry lands at a university already under pressure from elsewhere on campus, with staff told 2,700 jobs are at risk of redundancy and marking and assessment boycotts under way.
The university said the data believed to have been accessed came from its record system and involved information on current students and alumni. It said it was working closely with Action Fraud, the Information Commissioner's Office and other regulatory bodies, and that those behind the attack had previously targeted a number of other organisations. But even after contacting affected people, the university says it has not yet verified the exact scope of the breach, leaving open the basic question of which specific records are now in other hands.
It has promised to stay in contact with those affected and keep issuing updates as the investigation develops. For students and alumni, the next answer that matters is not whether a breach happened — that part is already clear — but whether the exposed files include enough information to create a lasting risk beyond this week.
