The accidentally circulated information included students’ full names, email addresses and ID numbers. 

Wits University has reassured students whose personal information was inadvertently shared in emails sent out by the Careers and Counselling Development Unit (CCDU), that all the emails have been recalled.

“Steps to retrieve and destroy the email and the data were taken to ensure that there was no subsequent disclosure and wider dissemination of data,” Wits senior communications officer Buhle Zuma told Wits Vuvuzela

On Saturday, August 8, the university’s registrar, Carol Crosley, notified students that their personal details had been shared to a cohort of students as a result of a CCDU employee inadvertently attaching the sensitive information in an email about an upcoming careers expo. The information included students’ full names, student email addresses, ID numbers, cellphone numbers, faculty and year of study.

“No other private data was included,” wrote Crosley in the email. She apologised for the incident, and said she was part of an internal team consisting of Wits ICT and legal officials, which had been established to rectify the accidental leak. 

Goabaona Mashabane, (19), a first-year LLB student, said that she was shocked when she received the email. “Your ID number is personal and private,” she said, adding that she would be relieved if “[Wits] informed us of the steps they have taken to resolve this situation”.

Another student still waiting for an update from Wits is Phumulani Ntuli (20), in second-year BA general. “All I know is that my information was shared with the wrong people. I am expecting communication from Wits to explain how they will resolve itI have no reassurance that an incident like this will never happen again,” he told Wits Vuvuzela.  

Ravie Govender, an ICT attorney at Govender Patel Dladla Inc. Attorneys, said Wits had taken the right steps to rectify the situation 

“However, if anybody has suffered any damages as a result of this data breach, they could still be held liable. They need to do damage control. They should put out a publication explaining how they supposedly ‘fixed’ the situation and also apologise to those affected

“It is recommended that they inform the POPIA (Protection of Personal Information Act) Information Regulator (SA), an independent body that monitors and protects access to personal information, and open a channel of communication for those affected by the data breach so that they can report any issues that are affecting them as a result. The party who acted negligently is required to take full responsibility for the aftereffects of the data breach,” said Govender.  

FEATURED IMAGE: Students have been left in the dark about how their leaked personal information has been secured.