Report security incidents

Have you accidentally sent an email with sensitive information to the wrong recipient? Have you discovered sensitive information on an AAU webpage?

Report security incidents by filling out a short form by clicking below. Or you can contact IT Services at or Tel.: 99402020.

Report security incident

All security incidents must be reported

Staff and students at AAU must report security incidents, both in cases where you contributed to a security incident and where you discover a security incident that you were not involved in.

When to report a security incident

You need to file a report as soon as you become aware that a security incident has occurred. Once you have reported a security incident, your report is immediately forwarded to ITS for processing and evaluation. If necessary, ITS will contact you for clarification.

If the security incident relates to personal data and ITS therefore forwards it to the contract unit’s personal data team which assesses that the breach is critical then AAU must report the incident to the Danish Data Protection Agency. When possible, reporting a security incident to the Danish Data Protection Agency must take place within 72 hours from when the incident occurred. Therefore, it is important that you report the security incident as soon as you discover it.

Example of a critical time factor in reporting a security event:

  • If a staff member loses a USB stick on Friday at 12 noon but doesn’t fill out and submit the internal report (web form) until Monday morning at 8.00, the clock for reporting to the Danish Data Protection Agency started on Friday at 12 noon and not from the time of the submission of the internal report (web form).

Examples of security incidents

  • Lost IT equipment (laptop, external hard drive, mobile phone, USB stick etc.)
  • Inadvertent publication of sensitive personal information on the Internet
  • Hacked webpage
  • Viruses and other malware on your computer
  • Receiving and replying to phishing emails
  • Incorrectly sending an email to the wrong recipient(s)