University of Nottingham first public victim in latest ShinyHunters attack
You may have seen that the University of Nottingham looks to be the first public victim of a new attack salvo by ShinyHunters.
We know this information is likely to cause concern for students and staff in our community and we apologise for any anxiety that this may cause.
Two groups have been impacted by the incident – current students, and alumni.
We are working to understand the data that has been accessed and have contacted those students and alumni affected directly. We are working closely with Action Fraud, the Information Commissioner’s Office, and other regulatory bodies.
We will remain in contact with those directly impacted and will continue to provide updates as the situation develops.
The attack targeted Oracle’s PeopleSoft software, and it seems like yet another example of a supply chain attack that can spread far and wide at little cost to the attacker.
Raluca Saceanu, CEO of Smarttech247, argues that the best strategy in the world is worthless if you can’t trust the whole chain:
“We’ve seen this type of supply chain attack before. It’s yet another example of how the best cybersecurity strategy in the world is worthless if partners up and down the chain aren’t working to the same standards. The Salesloft Drift breach — where a single compromised integration exposed over 700 organisations — proves exactly this point. Most attackers don’t discriminate: Nottingham is likely just the first tremor in a chain reaction of similarly affected businesses. In this environment, trust is critical. That’s only possible if all parties react swiftly and effectively to the threat; if communications are open and intelligence is shared immediately; and if security in every organisation has a human face that’s clearly following best practice and protocols. Without this, every part of the supply chain remains an island. And isolated victims are much easier to pick off.”
Lee Sult, Chief Investigator of Binalyze, points out how organisations can try and disrupt ShinyHunters’ apparent winning streak:
“If this is a supply chain attack, it’s another painful reminder that attackers love the path of least resistance. Why compromise a group of organisations separately when you can just do one and move laterally from there? It also makes it clear that nobody is exempt from being a target: if you use software, you’re in the firing line.
“Initial reports suggest the attackers have stolen financial data and even National Insurance numbers. That can be used for devastating follow-on attacks should the data be shared among cybercriminal groups for scams and phishing attempts.
“If it’s all true, ShinyHunters is on a winning streak against universities. This is the latest addition to their trail of havoc in the education sector. Just recently we had the ransomware attack and settlement on education software provider Canvas which impacted countless universities and people. They’re getting what they want from their attacks.
“That’s why thorough, fast investigations are crucial to know exactly what happened, showing victims the right steps have been taken to mitigate impact, and getting the word out to all who may have been affected.”
My advice is that ShinyHunters is a force to be taken seriously. If you don’t take them seriously, you will pay the price.
This entry was posted on June 10, 2026 at 12:13 pm and is filed under Commentary with tags ShinyHunters. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.