UK universities are facing a renewed warning that cyberattacks on learning systems are accelerating, with the University of Nottingham’s compromised student-record platform described as exposing data for hundreds of thousands of students and alumni. The incident follows earlier targeting of Canvas by the same ShinyHunters criminal group, raising concerns about third-party education software as a risk pathway. UK regulators have urged universities to treat cybersecurity as a “core organisational priority” and warned they will consider additional regulatory action for institutions that do not take sufficient protections. Security researchers also pointed to the difficulty of building and maintaining bespoke learning management systems in-house, especially when institutions rely on commercial platforms. The reporting frames the Nottingham case as another escalation in a broader threat environment, with experts saying it should be treated as a “when, not if” risk for universities. The episode reinforces how higher education’s hybrid teaching infrastructure—built on third-party systems—creates new attack surfaces for personal data.