The University of Nottingham has warned that personal data may have been exposed following a data security incident involving its student records platform.
In an update sent to those potentially affected, the university said it had “reason to believe” personal data may have been exposed after unauthorised activity was identified within its Campus Solutions student records platform on Tuesday 9 June.
It said the affected systems were immediately taken offline to contain the incident and that a comprehensive investigation had been launched.
The update said the university was still investigating the nature of the incident, but added that it was “likely” data had been accessed by a well-known cybercriminal group which has previously targeted other organisations.
The university said it is working with the third party that maintains the Campus Solutions platform to lead a forensic investigation and prevent any further data loss.
While the investigation continues, the university said it is operating on the precautionary assumption that several categories of data may have been accessed.
These include contact information such as names, email addresses and postal addresses; university-related details including course information and student or staff ID; financial information where stored within the system; and personal information including National Insurance numbers and protected characteristics.
The university apologised for the situation and said it recognised the concern or anxiety it may cause.
It added that work is ongoing to verify the exact scope of the data accessed and that further updates will be provided as the investigation confirms more details.
The University of Nottingham said it had contacted the Information Commissioner’s Office, which investigates data breaches.
The National Crime Agency is also aware of the breach.
