Skip to ContentSkip to Navigation
University of Groningenfounded in 1614  -  top 100 university
Close
About us Policy and strategy Privacy & Security bij de RUG

Reporting a cybersecurity incident or data breach

Reporting a cybersecurity incident or data breach

Have you seen or experienced something amiss? Think, for example, of phishing activities, misuse of your account or connection, a possible hack, or theft or loss of a computer, laptop, USB stick, tablet, smartphone, or files.

Even if you are not sure, please report it immediately!
Mail us: databreach rug.nl.

What is a cybersecurity incident?

A cybersecurity incident is a situation involving a breach of the security of the UG’s information systems and the data stored within them. For example:

  • Your laptop, tablet or smartphone was stolen or you lost it.
  • You have clicked on an email, thereby opening a virus on your computer.

What is a data beach?

A data breach is a situation where people gain access to personal data without being allowed or intended to do so.

There are 3 types of data breach:

  • Confidentiality breach: personal data has been disclosed or personal data has been accessed without intention.

  • Integrity breach: personal data has been altered by someone who is not authorised to do so. Or this has happened accidentally.

  • Breach of availability: personal data are no longer accessible to the organisation or person managing them. Or the data have been destroyed. This has happened by someone not authorised to do so. Or this has happened accidentally.

For example:

  • An employee has had access to a student file to which they did not need to have access at all.
  • You receive an email from a colleague that contains the grades of students and it was not meant for you.
  • The addressees of an email newsletter are listed in the CC field rather than the BCC field.

Some of these databreach examples may seem rather innocent. However, the consequences may be huge. For example, a combination of a name, date of birth, and BSN falling into the wrong hands can result in identity fraud.

What will happen with my report?

Each report is assessed by the UG Chief Privacy Officer (CPO) within 12 hours. The CPO will subsequently take action depending on the nature of the report. The University Procedure for Reporting Data Breaches serves as a guide. All reports are treated confidentially.

Which other steps can I take?

The first step should always be to report immediately by sending an email to databreach rug.nl.  

If your account details have fallen into the wrong hands, you should immediately change your passwords for all websites to which you log in using the user name and password in question. You can also report to the police.

If bank-related matters, such as your PIN or credit card number, are involved, you should contact your bank to block your account or card.

If you suspect that you have received a phishing email, and you need help or advice, please contact the CIT Service Desk.

Change your passwordsContact CIT Service Desk
Last modified:24 May 2024 4.50 p.m.
View this page in: Nederlands
Follow the UGfacebook twitter linkedin rss instagram youtube
Functional
Provides basic functions and uses anonymized cookies.
Standard
Provides optimal operation and uses video cookies, among others.
Complete
Provides personalized content and uses marketing cookies.
Set your cookie preferences. Read our privacy and cookie disclaimer for more information.