University of Nottingham confirms it received no ransom request following cyber attack

The University of Nottingham has confirmed students’ data is not being held for ransom in the recent cyber attack.

On 9th June, cyber criminals accessed personal student data on the University of Nottingham’s Campus Solutions system.

An update on the university’s website on Wednesday shared how attackers accessed part of the university system. A forensic investigation revealed attackers exploited a vulnerability in Oracle WebLogic, a third-party software platform.

The East Midlands Special Operations Unit (EMSOU) is conducting a criminal investigation into the attack. Up to 450,000 email addresses are expected to have been affected.

The personal data of students, some alumni, and applicants may have been accessed. This includes names, staff and student IDs, and financial information.

A forensic investigation is ongoing, and the university does not yet have a confirmed list of all the data fields accessed. The system is currently offline as the university works to secure and rebuild it.

A criminal hacker group known as ShinyHunters has claimed responsibility for the attack, according to website ‘Have I Been Pwned‘. The website’s founder said this would likely mean the university were asked to pay money to the group or the data would be published.

However, the university confirmed it had not received a direct request for ransom in exchange for the data.

via Unsplash

In an email sent to students on Tuesday, Jason Carter, Chief Governance and Risk Officer, said: “The investigation is complex and that is why it will take some time to complete. Teams are also working to rebuild the system securely to provide a higher level of confidence against cyber attacks.”

He went on to say: “I can also confirm that this was not a ransomware attack and it was not an accidental disclosure. This means that the data is still retained and not lost, and the incident has been the result of unauthorised access by an external party. The university also didn’t receive any direct request for a financial ransom for this data.”

Most Read

Oliver Tree shared heartbreaking details of his money and will just weeks before his tragic death

‘I don’t remember’: Brazil bungee staff speak for first time as woman dies in horror jump

Bungee jumper who died after ropes weren’t attached was still alive when found, nurse shares

A University of Nottingham spokesperson said: “The University of Nottingham has been the victim of a cyber incident and a significant amount of data in our student record system has been accessed by a well-known cybercriminal group.

“This is now the subject of a criminal investigation. We are working with the third party that maintains the platform to investigate and we will continue to support the police with their enquiries. While the investigation continues, we are unable to provide further information on the nature and extent of the cyber attack.

“We understand that those affected will have concerns about what this means for their personal data and we are contacting them directly to offer advice and support as we learn more about the incident. We have set up a telephone helpline to provide practical support and advice for anyone that has concerns over how this incident may have affected the security of their personal data.

“We take the privacy and security of data that we hold seriously. We have notified the Information Commissioners’ Office in accordance with our legal obligations. The National Cyber Security Centre, the Office for Students and Action Fraud have also been notified.”

The university has set up a helpline to support anyone affected. Students, alumni, and applicants are advised to monitor their accounts and update any credentials shared with university accounts.

Oracle has been approached for comment.