18/06/2026
BRIGHT PREP SAT PRACTICE
On 10 June, the University of Nottingham confirmed that cybercriminals had gained unauthorized access to a significant amount of data stored in its student records system. The breach affected both current students and alumni and included highly sensitive personal and financial information.
The exact method of attack has not been officially confirmed. However, cybersecurity experts have suggested two possible scenarios:
Voice phishing (vishing): Attackers may have impersonated legitimate individuals over the phone to trick university staff into granting access or revealing credentials.
Supply chain attack: A more likely explanation, according to cybersecurity expert Jonathan Lee, is that attackers compromised a third-party provider responsible for managing student data and then exploited that access to infiltrate the university's systems.
At present, these remain expert assessments rather than confirmed findings.
The cybercriminal group ShinyHunters has claimed responsibility for the attack, according to data breach notification service Have I Been Pwned. ShinyHunters is known for conducting large-scale data theft and extortion campaigns, often using social engineering techniques such as voice phishing.
Approximately 455,000 unique email addresses were identified in the leaked data. However, the actual number of affected individuals is likely lower because many people have both personal and university email addresses on file.
Experts also estimate that around 40 GB of data was stolen.
The university believes the compromised data may include:
Names, email addresses, telephone numbers, and postal addresses
Student and staff identification numbers
Course and academic records
Financial information
National Insurance numbers
Passport numbers
Dates of birth
Citizenship information
Ethnicity, gender, and disability information
Usernames, IP addresses, and purchase records
The exposure of identity documents such as passport and National Insurance numbers significantly increases the risk of identity theft.
Cybercriminal groups typically steal sensitive information to extort organizations. Victims are often asked to pay a ransom in exchange for preventing the publication of the stolen data. If payment is refused, the attackers may release or sell the information on criminal marketplaces.
Stolen personal information can also be used for identity fraud, phishing attacks, account takeover, and other forms of financial crime.
This is considered a serious data breach because it involves highly sensitive personally identifiable information (PII). Individuals whose passport numbers, National Insurance numbers, or financial details were exposed face an elevated risk of identity theft and fraud.
Anyone who believes they may have been affected should:
Change passwords, especially if they are reused across multiple accounts.
Enable multi-factor authentication (MFA) wherever possible.
Be cautious of unexpected emails, phone calls, or text messages requesting personal information.
Monitor bank accounts and credit reports for suspicious activity.
Remain alert for phishing attempts that use personal information stolen during the breach.
The incident is being investigated by the East Midlands Special Operations Unit (EMSOU). The University of Nottingham has also notified the Information Commissioner's Office (ICO), the National Cyber Security Centre (NCSC), the Office for Students, and Action Fraud. Due to the ongoing criminal investigation, the university has stated that it cannot provide further details at this time.
Here are several SAT Reading and Writing–style questions based on the passage, with an answer key and brief explanations.
Question 1: Central Idea
Which choice best states the central idea of the passage?
A. Universities should stop storing students' financial information online.
B. The University of Nottingham experienced a major cyberattack, and experts explain how it may have occurred, what information was exposed, and what affected individuals should do.
C. Voice phishing is the most common method used by cybercriminals to attack universities.
D. Cybersecurity experts disagree about whether ransomware attacks should be investigated by police.
Answer: B
Explanation: The passage focuses on the cyberattack, possible methods, the data exposed, and its consequences.
Question 2: Evidence
Which detail from the passage best supports the idea that the breach could have long-term consequences for victims?
A. The university notified several government agencies.
B. Approximately 455,000 email addresses were included in the breach.
C. Passport numbers and National Insurance numbers may have been exposed, increasing the risk of identity theft.
D. The university established a telephone helpline.
Answer: C
Explanation: Exposure of official identity documents creates an ongoing risk of fraud and identity theft.
Question 3: Vocabulary in Context
As used in the passage, the word "vulnerability" most nearly means:
A. Weakness
B. Emotion
C. Opportunity
D. Mistake
Answer: A
Explanation: In cybersecurity, a vulnerability is a weakness that attackers can exploit.
Question 4: Inference
Which inference is best supported by the passage?
A. Investigators have confirmed the exact method used by the attackers.
B. The university paid the ransom demanded by the hackers.
C. The exact cause of the breach remains under investigation.
D. The stolen data cannot be used for identity theft.
Answer: C
Explanation: Experts suggest possible attack methods, but the university has not confirmed how the breach occurred.
Question 5: Text Structure
How is the passage primarily organized?
A. Problem → Possible causes → Effects → Response
B. Comparison of two universities
C. Chronological biography
D. Argument followed by rebuttal
Answer: A
Explanation: The passage describes the attack, discusses possible causes, outlines its consequences, and explains the response.
Question 6: Author's Purpose
The primary purpose of the passage is to:
A. persuade readers to avoid attending universities.
B. entertain readers with a story about hackers.
C. inform readers about a cyberattack and explain its causes, impact, and ongoing investigation.
D. criticize the police investigation.
Answer: C
Explanation: The passage is informative rather than persuasive or entertaining.
Question 7: Command of Evidence
Which quotation best supports the claim that the attackers were motivated by financial gain?
A. "The investigation is in its early stages."
B. "They would have been shaken down for money."
C. "The university has been the victim of a cyber incident."
D. "We have set up a telephone helpline."
Answer: B
Explanation: This statement directly describes the attackers' financial motive.
Question 8: Logical Reasoning
Why does the passage include both Troy Hunt's and Jonathan Lee's opinions about how the attack occurred?
A. To show that experts agree on every aspect of the attack.
B. To present different plausible explanations because the exact method has not been confirmed.
C. To criticize one expert's conclusions.
D. To prove that supply chain attacks never involve phishing.
Answer: B
Explanation: The passage presents multiple expert perspectives while acknowledging that the investigation is ongoing.
For more SAT practice or UK student visa consultancy, join us at Bright Prep:
https://www.brightprep.org/apply-now
Send a message to learn more