A hacking group breached the University of Nottingham’s PeopleSoft student records system and stole over 40 GB of data on 454,600 current and former students, including names, addresses, financial details and academic records. The university has reported the incident to the UK Information Commissioner’s Office and Action Fraud, while ShinyHunters claims responsibility and posted the stolen archive.

This daily roundup covers a 40 GB data breach at the University of Nottingham, a lost-drive incident exposing 10.9 million Japanese utility customers, and a proof-of-concept Exchange spoofing flaw. It also highlights automated AI-driven attack research, supply-chain toolkits on GitHub, and new product launches for dependency patching and taint analysis.

Kyushu Electric Power misplaced an external backup drive storing personal details for up to 10.9 million customers after leaving it in an unlocked server-room cabinet. The drive contained names, addresses, usage data and phone numbers but no financial records, and the firm has reported the loss to police and regulators while investigating internal access.