Important information security notification

Dear colleagues, students and alumni

I am writing to inform you of a data security issue that we recently became aware of, which involves limited personal information that you provided to the University of Cape Town (UCT).

On 17 August 2022, UCT’s Information Communication & Technical Services (ICTS) department identified that a limited amount of personal information had been exposed to malware on an isolated Directory machine.

The personal information contained is:

• for students: full name, student number, email address and password hashes[1], office or work telephone numbers (only in relation to doctoral and postdoctoral students)
• for UCT staff: full name, staff number, email address, password hashes, office number and job title, office or work telephone numbers
• for third party accounts: full name, email address, password hashes, office or work telephone numbers
• for alumni: full name, email address and password hashes[2].

The Directory contained limited personal information relating to 10 838 staff accounts, 265 388 student accounts, 90 058 alumni accounts and 12 304 third party contractor accounts. Approximately 86 762 of these accounts are dormant and have not been utilised by the end user for a significant period of time.

At this stage, it does not appear that there are any categories of special personal information which were stored on the affected Directory.

As a result of this incident, UCT has taken the following steps:

• the machine on which the malware was located has been isolated and taken offline
• a full review of Active Directory security controls is being undertaken
• work is underway to restore, or possibly rebuild our Active Directory; and
• we are in the process of resetting service and administrative accounts with additional security policy measures in place.

We will remain alert to any further issues which may arise as a result of this investigation.

We are taking all reasonable measures to mitigate any potential harm, however, we consider this incident to be of a relatively low risk profile. This is because the majority of the personal information contained within the affected Directory is information that is largely publicly available. The affected information is mostly accessible through our email system address book and all staff, alumni, third parties and students who have access to our email system have access to the information in question.

The personal information that was available on the Active Directory is low-risk and does not represent a comprehensive set of information that UCT has on record. The incident does not impact any information in relation to your status as a student, member of staff or alumnus of UCT, and there has not been any access to any sensitive information UCT may have.

As a result of the incident, you may experience the following:

• email addresses could be used for unsolicited emails; and/or
• individuals may attempt to impersonate you for their own benefit.

It is important to stress that, UCT is unaware of any illegal activity having been conducted using the affected information. However, if you are concerned that your information may have been shared online we suggest that:

• As a precautionary best-practice measure, we strongly recommend that you change your UCT account password and do so regularly. We suggest that where you may have used the same password for personal accounts, that those passwords also be changed. Prior to this incident, UCT has been in the process of updating its password policy that will require UCT account holders to have a 16-character password, and users are encouraged to follow this principle. For more information about password management or this specific incident, please visit https://uct.service-now.com/sp and click on the Manage your Password icon.
• Do not click on any links or open any emails from unknown or suspicious sources.
• It is good practice to always be vigilant of any unusual requests in relation to your personal information or the various accounts you may hold.
• Should you suspect that your identity has been compromised or that you have been a victim of fraud, apply immediately for a free Protective Registration listing with the Southern African Fraud Prevention Service (SAFPS). The SAFPS is a non-profit organisation focused on fraud prevention and financial crime. The SAFPS assists in preventing fraud and impersonation as a result of identity theft to protect the public from associated financial consequences. Its Protective Registration service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder.

For more information, please read the FAQ.

If you have any questions or concerns about this matter, please do not hesitate to contact UCT’s IT Helpdesk.

Sincerely

Royston Pillay
Registrar

[1] a password hash or hashing is a security measure often used to convert a plain text password into a seemingly random string of letters and numbers. As the hash is created by a one-way algorithm, the password cannot be derived directly from a hash.

[2] If an alumnus was a doctoral or postdoctoral student, then it is possible that an office phone number may have been included in the data.

Read previous communications:

• From the UCT Executive
• Campus Announcements