The University of Nottingham confirmed unauthorized access and exfiltration of personal data belonging to 450,000 current and former students, with the data subsequently leaked publicly. The specific attack vector remains undisclosed. MITRE techniques mapped suggest credential-based or phishing initial access (T1078, T1566) followed by cloud storage exfiltration (T1530). The breach creates immediate notification obligations and establishes a reference incident for higher education sector identity and data protection posture assessment.