Reporting a cybersecurity incident or data breach
Reporting a cybersecurity incident or data breach
Have you seen or experienced something amiss? Think, for example, of misuse of your account or connection, a possible hack, or theft or loss of a computer, laptop, USB stick, tablet, smartphone, or files.
|
Do you suspect you have received a phishing e-mail and you haven't clicked on a link yet? Would you like advice on this? Please contact the CIT Service Desk.
|
What is a cybersecurity incident?
A cybersecurity incident is a situation involving a breach of the security of the UG’s information systems and the data stored within them. For example:
-
Your laptop, tablet or smartphone was stolen or you lost it.
-
You have clicked on an email, thereby opening a virus on your computer.
What is a data beach?
A data breach is a situation where people gain access to personal data without being allowed or intended to do so.
There are 3 types of data breach:
-
Confidentiality breach: personal data has been disclosed or personal data has been accessed without intention.
-
Integrity breach: personal data has been altered by someone who is not authorised to do so. Or this has happened accidentally.
-
Breach of availability: personal data are no longer accessible to the organisation or person managing them. Or the data have been destroyed. This has happened by someone not authorised to do so. Or this has happened accidentally.
For example:
-
An employee has had access to a student file to which they did not need to have access at all.
-
You receive an email from a colleague that contains the grades of students and it was not meant for you.
-
The addressees of an email newsletter are listed in the CC field rather than the BCC field.
Some of these databreach examples may seem rather innocent. However, the consequences may be huge. For example, a combination of a name, date of birth, and BSN falling into the wrong hands can result in identity fraud.
What will happen with my report?
Each report is assessed by the UG Chief Privacy Officer (CPO) within 12 hours. The CPO will subsequently take action depending on the nature of the report. The University Procedure for Reporting Data Breaches serves as a guide. All reports are treated confidentially.
Which other steps can I take?
The first step should always be to report immediately by sending an email to databreach rug.nl.
If your account details have fallen into the wrong hands, you should immediately change your passwords for all websites to which you log in using the user name and password in question. You can also report to the police.
If bank-related matters, such as your PIN or credit card number, are involved, you should contact your bank to block your account or card.
Do you suspect you have received a phishing e-mail and you haven't clicked on a link yet? Would you like advice on this? Please contact the CIT Service Desk.
| Last modified: | 09 January 2025 08.46 a.m. |