The University of Nottingham has confirmed unauthorized access to its student record system affecting current students and alumni. Attack vector, threat actor, and full data field scope are unconfirmed. The institution faces immediate regulatory obligations under UK data protection law and individual harm risk via identity fraud or targeted social engineering using harvested student PII.