Reporting an IT security incident

What to do when information security is threatened?

If you notice a security-relevant event, such as a hacker break-in, misuse of a TU-ID or mail account, or unusual system or network behaviour, or if you simply suspect one, please report it to the IT Security Department as soon as possible. This page explains how.

If you are unsure – better to ask once too often than once too seldom. We will help you classify and resolve the threat!

Detected vulnerability or threat without damage

  • You have detected a phishing mail or you are unsure, but you have neither opened attachments nor clicked on links.
  • You receive a suspicious or blackmail email.
Forward as attachment (howto) with short comment to
  • You send or receive a lot of spam.
  • You receive dubious calls and/or requests.
  • Something seems strange to you in general.
  • You have other questions.
Message to
Need for action
What you should do in such cases:
  • Report.
  • Further actions are not required.

Event with concrete damage effects

  • You have clicked on a link or opened an attachment that is suspicious.
  • You have shared sensitive information.
  • You discover devices/objects that are unexpectedly in your premises (other computers, USB devices, cables, boxes, …)
  • Loss or theft of devices (e.g. laptops), data carriers (e.g. USB sticks) and documents.
Message to
Need for action
What you should do in such cases:
  • Report.
  • Perform virus scan if necessary.
  • Do not continue working and wait for instructions.
  • Change passwords (TU-ID password via IDM-Portal).
  • Inform any affected parties.

Security incident with serious, longer-term damage effects

  • You find malware on your device, your device behaves unusually, or your device stops working.
  • Files on your end device are or suddenly become encrypted.
  • You are acutely threatened or blackmailed, your data has suddenly disappeared.
  • Loss or theft of devices (e.g. laptops), data carriers (e.g. USB sticks) and documents containing confidential information.
  • Your IT behaves in a way that makes you fear for your data.
  • You suspect an acute danger for the IT of the TU Darmstadt.
Notification to TUDa-CERT:
+49 6151 16 27777

Message to responsible admin
Need for action
What you should do in such cases:
  • Disconnect the affected device from the network.
  • Inform responsible admin and TUDa-CERT.
  • Do not continue working and wait for instructions.

ATTENTION!
In case of imminent danger:
Contact us by phone or in person!

In the event of an emergency, the Chief Information Security Officer and the members of TUDa-CERT have the authority to issue instructions to operators and users regarding the use, connection and disconnection of IT infrastructure.

The instructions of the Chief Information Security Officer and the TUDa-CERT members must be followed.