The University of Nottingham confirmed a data breach with student and staff data exfiltrated; attack vector, threat actor, and full scope have not been publicly disclosed. Action for partner organizations is limited to reviewing federated identity and data-sharing connections to Nottingham infrastructure, rotating shared credentials, and monitoring for follow-on phishing using exfiltrated data as lure content.