Cyberattack incident and personal data leakage (2)

The Open University of Cyprus experienced a malicious cyberattack on March 27, 2023. The attack resulted in several central University services and critical systems going offline as a precaution measure. Yet, (sensitive) personal data relating to members of the academic community have been leaked. From day 1 of the cyberattack, the University is in constant communication and cooperates effectively with the Combating Cybercrime Department of the Cyprus Police to undertake the relevant investigations, and the Commissioner for Personal Data Protection. The competent authorities cooperate with the relevant Professional Services of the Open University of Cyprus in order to stop the acquisition of these data, which constitutes a criminal act.

At the same time, the University, together with a number of external partners, are working closely to restore all disrupted operations by taking additional technical and organizational measures to mitigate all risks and repair all vulnerabilities. The university community is regularly informed by the relevant professional services about all relevant measures and good practices for secure use of online/network services, while OUC is committed to continue its efforts to safely restore all its central services and critical systems.

Anyone interested for his or her personal data that may have been affected can contact the Open University of Cyprus via email at or by phone 00357-22411730.

Date of announcement: 21/04/2023