Major Data Breach at Tshwane University of Technology Leads to Suspension of Deputy VC

In a substantial cybersecurity breakdown, the respected Tshwane University of Technology (TUT) in South Africa has fallen victim to a crippling ransomware attack, resulting in the suspension of its deputy vice-chancellor, Professor Bhekisipho Twala. The incident, which unfolded on December 17, 2023, has led to the theft of an alarming number of sensitive records, shaking the foundations of TUT's digital infrastructure.

Professor Twala, recognized as a prominent figure in the field of artificial intelligence and data science in South Africa, was in charge of TUT's digital transformation portfolio at the time of the attack. Allegations currently circulating suggest Twala did not effectively respond to the attack or oversee its resolution, a factor contributing to the university's decision to suspend him.

The hack's complexity and severity remain a topic of investigation. However, the exploitation has been tentatively linked to a nefarious ransomware group known as Rhysida, notorious for a recent cyber attack on the British Library. Rhysida's involvement came to light after TUT reportedly received a screenshot from the hackers, indicating the institution's ICT system compromise and subsequent cloud backup deletions.

As TUT grapples with the extent of the data breach, its executive team has embarked on a cyber forensic audit to uncover further details. Despite the institution's attempts to map the damage, there is a pervasive sense of uncertainty, with staff reportedly being left in the dark and silenced from discussing the incident.

A concerning aspect of this breach is the destructive approach the attackers have taken. After encrypting the servers’ file systems, they proceeded to delete back-up data, leaving the institution with no straightforward path to recovery. Ransomware typically leaves system files accessible to allow victims to view extortion demands, usually involving cryptocurrencies, but in this case, the loss of data appears profound.

Drawing parallels to previous incidents, such as the South African Department of Justice and Constitutional Development’s ransomware attack in September 2021, a trend of negligence leading to critical data vulnerabilities emerges. In May 2023, the department was reprimanded by the country’s information regulator for not taking adequate measures to safeguard against unauthorized data access and was subsequently fined for their non-compliance.

These cybersecurity breaches are not just disruptive but also potentially in violation of legal obligations to safeguard personal and sensitive data. It serves as a harsh reminder that institutions must maintain vigilance and continuously update and monitor their digital protections to mitigate such risks.

TUT's refusal to provide additional comments further clouds the situation. As the university navigates this turbulent period, the academic community is on high alert, and the ramifications of this breach may echo far beyond TUT's walls. Such incidents underscore the urgency for improved cybersecurity measures across all sectors, particularly in higher education and government departments that handle vast amounts of confidential information.