Reporting a data breach or security incident

A stolen phone, data breach, virus infection, phishing email, or other type of IT security incident must be reported as soon as possible, and preferably by telephone. If you call outside office hours, you will be redirected to a help desk staff member.

A data breach must always be reported to Radboud University. Serious data breaches are reported by Radboud University to the Dutch Data Protection Authority. 

Please call +31 24 362 22 22, 24 hours a day, 7 days a week.

If you are unable to make a call, please send an email to icthelpdesk [at]

Identifying a data breach

A data breach involves the release of personal information, or the alteration or destruction of information. Even if there is no breach but there is still a risk, this constitutes a data breach. Below are several examples of a data breach:

  • A mislaid unencrypted USB stick that contains personal information;
  • An inadequately protected mobile phone, laptop, or tablet that contains access to a Radboud account that has been stolen, even if it is your own personal device;
  • Printed materials that contain personal information and have been left unattended near a photocopier;
  • When you find that you have access to personal information to which you should not have access, for example, because you have been given too many rights in a system;
  • If you have sent sensitive personal information to an incorrect email address (i.e., to someone for whom the information was not intended);
  • When a computer hacker hacks into a computer that contains personal information or access to a Radboud account.


+31 24 362 22 22