Report an incident

If you have become a victim of an attack, please contact us. We will provide you with assistance and all the necessary advice. Follow the instructions below.

security@agh.edu.pl

Report an attack to us

A person who notices an incident is obliged to report it to the Centre for Information Security (CBI). 

To report security incidents, please contact:

  • at security@agh.edu.pl
  • by phone: +48 885 850 762 from 8:00 a.m. to 4:00 p.m,
  • in person: D-8, 7th floor, room 718 from 8:00 a.m. to 4:00 p.m.

What the cotification should contain

Change password to account

If the attack carried out has exposed information such as login and password for your mail account or any other account, you should change it as soon as possible. In the case of mail, this is done through the site poczta.agh.edu.pl website and in the top menu Settings=> Password.

Note: Do not use any links provided in the fake news.

Reserve the documents that have been disclosed

If the attack involved your identity documents (e.g., ID card, passport, driver's license) and you have provided the attackers with data from them or their photographs, you can keep such documents frozen. Also inform your bank about the loss of the document. If you have disclosed payment card data or made payments to the attackers' account, also inform your bank as soon as possible. This will later be the basis for a complaint and possible recovery of money. We also recommend reserving your PESEL number.

Cancellation of identity card

Reservation of PESEL number

If you have the ability to make a preliminary assessment of the type of incident, then also inform accordingly:

  • IT Helpdesk - in case you detect irregularities in central IT systems, e.g., email accounts, university-wide services
  • System administrator - if irregularities are detected in the operation of a local (i.e., concerning one unit or department of the university) IT system
  • Network Administrator - in case of detection of irregularities in the operation of the Unit's network
  • Local Information Security Administrator or Data Protection Officer - in case there is a suspected breach of personal data security
  • Security, law enforcement or emergency services - when there is a physical threat or a threat to human health and life.

What the notification should contain

  • Name, email and, if possible, business phone number of the reporting person.
  • A detailed description of the incident - what happened, what are the consequences, whether the security of personal data may have been compromised (e.g., through data leakage), the scale of the incident.
  • How the incident was detected.
  • How the breach may have occurred (if the notifier has such knowledge).

If the message needs to be encrypted, you can use our PGP key:
Download the PGP key

If you report an email to us, we recommend saving the suspicious message in .eml format to facilitate analysis. You can do this through the "Save As" option available in most email clients. Then please send us this message as an attachment.

Example: mail export in Thunderbird, version 1

In the upper right corner (above the message) More => Save As

Example: mail export in Thunderbird, version 2

Right click on the message in question => Save as... 

Example: mail export in Outlook

In the middle, upper right corner of the message window, click the "message with note" sign => "Forward as attachment"

Example: mail export in Roundcube

Click on the gear wheel in the top menu => Download (.eml)