A new wave of cyberattacks targeting learning platforms at UK universities is reigniting pressure on higher education to treat cybersecurity as a core operational priority. The University of Nottingham became the latest victim after a student records platform breach led to data being seized by the ShinyHunters ransomware group. The incidents followed a prior breach involving Canvas, underscoring a pattern: education platforms and vendors are being treated as high-value targets, and institutions are not responding at the same speed. Regulators—including the Information Commissioner’s Office—have signaled they may pursue further regulatory action when organizations do not take sufficient protective measures. The attacks also raise policy and vendor governance questions for university IT leaders, especially as institutions depend on third-party education management systems because building and maintaining bespoke platforms is not feasible. For campus leaders, the takeaway is operational: security posture, vendor risk management, and incident readiness are now inseparable from core teaching and student-data stewardship.