Reporting an IT security incident

If you notice a security-relevant event, such as a hacker break-in, misuse of a TU-ID or mail account, unusual system or network behaviour or simply have a corresponding suspicion, please report the events to the IT Security Department as soon as possible.

What to do in case of an…

…IT security incident? …IT security emergency?

Report your incident promptly by e-mail to

The team is there to advise you, to prevent damage and to support you.

Phishing detected. What to do? Forward the e-mail as an attachment to . Then delete the email.
Short guide: Forwarding an e-mail as an attachment

Obligation to report! All TU members are obliged to report IT security incidents.

Immediately dial the emergency number*

Try to limit the damage
If possible, disconnect the machine from the power supply (LAN cable and WLAN) to prevent the problem from spreading. Do not use your machine until further recommendations are made. The less your terminal device works now, the better the chances of data recovery.
*Note: The telephone number is a ring circuit from landline to mobile phone and reaches the IT Security Department in any case – also during meetings etc. We therefore ask you to use this number only in an emergency.

What is an IT security emergency?

Examples of an
…IT security incident …IT security emergency
  • You receive a suspicious or blackmailing e-mail.
  • You send or receive particularly large amounts of spam.
  • You have clicked on a link that seems suspicious.
  • You receive dubious calls and/or enquiries.
  • You notice something strange in general.
  • You have other questions.
  • Files on your end device are or will suddenly be encrypted.
  • You are acutely threatened or blackmailed, your data have suddenly disappeared.
  • Your terminal device has been stolen.
  • Your IT is behaving in such a way that you fear for your data.
  • You suspect an acute IT threat to the TU.

In the event of an emergency, the Chief Information Security Officer and the members of TUDa-CERT have the authority to issue instructions to operators and users regarding the use, connection and disconnection of IT infrastructure.

The instructions of the Chief Information Security Officer and the TUDa-CERT members must be followed.