A leaksear.ch-indexed dataset tied to Sun Moon University contains 617 records from a May 28, 2025 Nova ransomware leak, including email addresses and usernames (leaksear.ch metadata). Public ransomware tracking lists SunMoon university under Nova with a discovered date of May 29, 2025 and an estimated attack date of May 28, 2025 (www.ransomware.live).
What happened
Ransomware.live lists SunMoon university under Nova and describes Nova, formerly RALord, as an active Ransomware-as-a-Service group that uses file encryption and double-extortion pressure around stolen-data disclosure (www.ransomware.live). RedPacket Security also published a May 29, 2025 automated, redacted item identifying the victim as SunMoon university and saying the information was scraped from the Nova Tor leak blog (www.redpacketsecurity.com).
The cited public reporting does not confirm the initial access vector, ransom demand, or whether Sun Moon University systems were encrypted in this specific incident. The specific exposed fields below come from leaksear.ch indexing metadata, not from public sample records (leaksear.ch metadata).
What data was exposed
The indexed dataset contains 617 records (leaksear.ch metadata). The searchable fields are email address and username, which means those values can be used to check for a match on leaksear.ch (leaksear.ch metadata).
Other stored fields in the indexed records include department, email-verification status, organization, student ID, and user type (leaksear.ch metadata). No raw leaked values are included in this article.
Why this matters
Even at 617 records, an education-sector identity dataset can support targeted phishing, account-enumeration attempts, and impersonation of students, faculty, or staff. The combination of emails, usernames, departments, user types, and student IDs gives attackers context for believable messages, especially if victims reused usernames or exposed addresses across other services. The metadata does not list passwords, password hashes, or financial data, so those categories should not be assumed present (leaksear.ch metadata). If you used a Sun Moon University account or communicated through the university portal, check your email address and username against this leak on leaksear.ch.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email and username.