Dear colleagues, students and alumni
I am writing to inform you of a data security issue that we recently became aware of, which involves limited personal information that you provided to the University of Cape Town (UCT).
On 17 August 2022, UCT’s Information Communication & Technical Services (ICTS) department identified that a limited amount of personal information had been exposed to malware on an isolated Directory machine.
The personal information contained is:
The Directory contained limited personal information relating to 10 838 staff accounts, 265 388 student accounts, 90 058 alumni accounts and 12 304 third party contractor accounts. Approximately 86 762 of these accounts are dormant and have not been utilised by the end user for a significant period of time.
At this stage, it does not appear that there are any categories of special personal information which were stored on the affected Directory.
As a result of this incident, UCT has taken the following steps:
We will remain alert to any further issues which may arise as a result of this investigation.
We are taking all reasonable measures to mitigate any potential harm, however, we consider this incident to be of a relatively low risk profile. This is because the majority of the personal information contained within the affected Directory is information that is largely publicly available. The affected information is mostly accessible through our email system address book and all staff, alumni, third parties and students who have access to our email system have access to the information in question.
The personal information that was available on the Active Directory is low-risk and does not represent a comprehensive set of information that UCT has on record. The incident does not impact any information in relation to your status as a student, member of staff or alumnus of UCT, and there has not been any access to any sensitive information UCT may have.
As a result of the incident, you may experience the following:
It is important to stress that, UCT is unaware of any illegal activity having been conducted using the affected information. However, if you are concerned that your information may have been shared online we suggest that:
If you have any questions or concerns about this matter, please do not hesitate to contact UCT’s IT Helpdesk.
 a password hash or hashing is a security measure often used to convert a plain text password into a seemingly random string of letters and numbers. As the hash is created by a one-way algorithm, the password cannot be derived directly from a hash.
 If an alumnus was a doctoral or postdoctoral student, then it is possible that an office phone number may have been included in the data.
Read previous communications:
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
Please view the republishing articles page for more information.