CSA warns Ghanaian Universities after University of Nottingham cyberattack exposes data of 450,000 students and alumni

• Cyber Security Authority has warned Ghanaian universities to strengthen cyber defences after the University of Nottingham cyberattack exposed data of about 450,000 people.

• The authority says Ghana’s rapid digital transformation in education, health and telecommunications is increasing exposure to cyber threats.

• CSA urged all Critical Information Infrastructure operators to comply with Ghana’s 2021 CII protection directive to reduce the risk and impact of cyberattacks.

The Cyber Security Authority (CSA) has issued a fresh warning to universities and other critical institutions to tighten their cyber defences following a major cyberattack on the University of Nottingham in the United Kingdom that exposed sensitive data of about 450,000 students and alumni.

READ ALSO: 10 best universities in the world: See 2026 global rankings

The authority says the breach should serve as a wake-up call for Ghana’s education sector as institutions veer towards online operations through digital payment systems, cloud platforms, student databases and virtual learning environments.

In a press release issued on June 16, the CSA cautioned all Owners of Critical Information Infrastructure (CII), particularly educational institutions, to strictly comply with Ghana’s Directive for the Protection of Critical Information Infrastructure.

The UK university confirmed last week that hackers gained unauthorised access to a significant amount of data stored in its student records system.

Reports indicate the compromised information included personal records, contact details, student and staff identification numbers, and financial data belonging to current and former students.

According to multiple UK media and cybersecurity reports, the breach affected roughly 450,000 individuals, with the ransomware group ShinyHunters reportedly claiming responsibility for the attack.

READ ALSO: 23-year-old student arrested for publishing obscene content online

The hackers are believed to have accessed more than 40GB of sensitive data after breaching the university’s Campus Solutions records system.

The university subsequently took affected systems offline and launched a forensic investigation while working with the UK’s Information Commissioner’s Office and Action Fraud.

The CSA says the implications go far beyond a foreign incident.

The warning comes at a time when Ghana’s universities are rapidly digitising core services. Admission processes, fee payments, academic records, research databases and online teaching platforms are increasingly dependent on interconnected digital infrastructure.

While these systems improve efficiency and access, they also create more entry points for cybercriminals.

READ ALSO: 19 accredited universities approved by GLC, GTEC to run LLB, pre bar programmes- See full lists

Ghana’s cybersecurity framework is anchored on the Cybersecurity Act, 2020 (Act 1038), which established the Cyber Security Authority to regulate and coordinate cybersecurity activities nationwide.

The law also introduced protections for Critical Information Infrastructure, that is, systems considered essential to national security and the economic and social well-being of citizens.

The CSA says these measures are intended to reduce both the likelihood and impact of cyberattacks.