Skip to ContentSkip to Navigation
University of Groningenfounded in 1614  -  top 100 university
Close
About us Policy and strategy Privacy & Security bij de RUG

Reporting a cybersecurity incident or data breach

Have you seen or experienced something amiss? Think, for example, of phishing activities, misuse of your account or connection, a possible hack, or theft or loss of a computer, laptop, USB stick, tablet, smartphone, or files.

Even if you are not sure, please report it immediately!
Mail us: databreach rug.nl

What is a cybersecurity incident?

A cybersecurity incident is a situation involving a breach of the security of the UG’s information systems and the data stored within them. For example:

  • Your laptop, tablet or smartphone was stolen or you lost it.

  • You have clicked on an email, thereby opening a virus on your computer.

What is a data beach?

A data breach is a situation where people gain access to personal data without being allowed or intended to do so.

There are 3 types of data breach:

  • Confidentiality breach: personal data has been disclosed or personal data has been accessed without intention.

  • Integrity breach: personal data has been altered by someone who is not authorised to do so. Or this has happened accidentally.

  • Breach of availability: personal data are no longer accessible to the organisation or person managing them. Or the data have been destroyed. This has happened by someone not authorised to do so. Or this has happened accidentally.

For example:

  • An employee has had access to a student file to which they did not need to have access at all.

  • You receive an email from a colleague that contains the grades of students and it was not meant for you.

  • The addressees of an email newsletter are listed in the CC field rather than the BCC field.

Some of these databreach examples may seem rather innocent. However, the consequences may be huge. For example, a combination of a name, date of birth, and BSN falling into the wrong hands can result in identity fraud.

What will happen with my report?

Each report is assessed by the UG Chief Privacy Officer (CPO) within 12 hours. The CPO will subsequently take action depending on the nature of the report. The University Procedure for Reporting Data Breaches serves as a guide. All reports are treated confidentially.

Which other steps can I take?

The first step should always be to report immediately to the Security Team by sending an email to databreach@rug.nl.  

If your account details have fallen into the wrong hands, you should immediately change your passwords for all websites to which you log in using the username and password in question. You can also report to the police.

If bank-related matters, such as your PIN or credit card number, are involved, you should contact your bank to block your account or card.

If you suspect that you have received a phishing email, and you need help or advice, please contact the CIT Service Desk.

Change your passwordsContact CIT Service Desk
Last modified:06 October 2023 12.56 p.m.
View this page in: Nederlands
Follow the UGfacebook twitter linkedin rss instagram youtube

The UG website uses functional and anonymous analytics cookies. Please answer the question of whether you want to accept or reject other cookies (such as tracking cookies). If no choice is made, only basic cookies will be stored. More information

Basic
The basic functions of the website are available. We analyse click behaviour anonymously in order to make our website more user-friendly.
Limited
In addition to functional cookies you can also view embedded content, such as YouTube videos. If you accept these cookies, the website will function optimally.
All
In addition to the optimal functioning of the website, we work together with third parties to offer you personalized content based on your visit.
The UG website uses functional and analytics cookies. Please select your preferences. Read our privacy and cookie disclaimer for more information.