Reporting an IT security incident

If you notice a security-relevant event, such as a hacker break-in, misuse, unusual system or network behaviour or simply have a corresponding suspicion, please report the events to the IT Security Department at HRZ.

How do I act correctly with…

…an IT security incident? …an IT security emergency?
Vorfall vs. Notfall
Picture: HRZ

What is an…

…IT security incident? …IT security emergency?
  • You receive a suspicious or blackmailing e-mail.
  • You send or receive particularly large amounts of spam.
  • You have clicked on a link that seems suspicious.
  • You receive dubious calls and/or enquiries.
  • You notice something strange in general.
  • You have other questions.
  • Files on your end device are or will suddenly be encrypted.
  • You are acutely threatened or blackmailed, your data have suddenly disappeared.
  • Your terminal device has been stolen.
  • Your IT is behaving in such a way that you fear for your data.
  • You suspect an acute IT threat to the TU.

What to do in case of an…

…IT security incident? …IT security emergency?

Report your incident promptly by e-mail to HRZ: .


The team is there to advise you, to prevent damage and to support you.

Obligation to report! All TU members are obliged to report IT security incidents.

Immediately dial the emergency number*
27777


Try to limit the damage
If possible, disconnect the machine from the power supply (LAN cable and WLAN) to prevent the problem from spreading. Do not use your machine until further recommendations are made. The less your terminal device works now, the better the chances of data recovery.
*Note: The telephone number is a ring circuit from landline to mobile phone and reaches the responsible HRZ staff in any case – also during meetings etc. We therefore ask you to use this number only in an emergency.

Further contact details

Provisional IT Security Officer: Anna Schindler

TU-CERT: Jochen Becker, Andreas Schönfeld, Anna Schindler

In the event of an emergency, the members of TU-CERT have the authority to issue instructions to operators and users regarding the use, connection and disconnection of IT infrastructure.

The instructions of TU-CERT members must be followed.