Skip to ContentSkip to Navigation
About us Policy and strategy Privacy & Security bij de RUG

Reporting a cybersecurity incident or data breach

Have you seen or experienced something amiss? Think, for example, of phishing activities, misuse of your account or connection, a possible hack, or theft or loss of a computer, laptop, USB stick, tablet, smartphone, or files.

Even if you are not sure, please report it immediately!
Mail us: databreach

What is a cybersecurity incident?

A cybersecurity incident is a situation involving a breach of the security of the UG’s information systems and the data stored within them. For example:

  • Your laptop, tablet or smartphone was stolen or you lost it.

  • You have clicked on an email, thereby opening a virus on your computer.

What is a data beach?

A data breach is a situation where people gain access to personal data without being allowed or intended to do so.

There are 3 types of data breach:

  • Confidentiality breach: personal data has been disclosed or personal data has been accessed without intention.

  • Integrity breach: personal data has been altered by someone who is not authorised to do so. Or this has happened accidentally.

  • Breach of availability: personal data are no longer accessible to the organisation or person managing them. Or the data have been destroyed. This has happened by someone not authorised to do so. Or this has happened accidentally.

For example:

  • An employee has had access to a student file to which they did not need to have access at all.

  • You receive an email from a colleague that contains the grades of students and it was not meant for you.

  • The addressees of an email newsletter are listed in the CC field rather than the BCC field.

Some of these databreach examples may seem rather innocent. However, the consequences may be huge. For example, a combination of a name, date of birth, and BSN falling into the wrong hands can result in identity fraud.

What will happen with my report?

Each report is assessed by the UG Chief Privacy Officer (CPO) within 12 hours. The CPO will subsequently take action depending on the nature of the report. The University Procedure for Reporting Data Breaches serves as a guide. All reports are treated confidentially.

Which other steps can I take?

The first step should always be to report immediately to the Security Team by sending an email to  

If your account details have fallen into the wrong hands, you should immediately change your passwords for all websites to which you log in using the username and password in question. You can also report to the police.

If bank-related matters, such as your PIN or credit card number, are involved, you should contact your bank to block your account or card.

If you suspect that you have received a phishing email, and you need help or advice, please contact the CIT Service Desk.

Last modified:06 October 2023 12.56 p.m.
View this page in: Nederlands