AAU logo

It Services

Report Security Incident

Did you accidentally send an email with sensitive information to the wrong recipient? Have you noticed sensitive information on an AAU website?

Report breaches of security by completing a short form by clicking below. If you encounter issues or have questions, IT Services (ITS) can be contacted at support@aau.dk or on tel. 99402020

Register Security Incident


As an employee and student at AAU, you must report security incidents, both in cases where you yourself happen to contribute to the emergence of a security incident and also when a security incident which does not involve you occurs.


As soon as you become aware that there has been a security incident, you must report it. After reporting a security incident, your report is immediately sent for processing and assessment by ITS. If necessary, you will be contacted for detailed clarification.

If the security incident concerns personal data, and ITS therefore forwards it to the GDPR unit, which is then able to assess that the breach is critical in nature, AAU is required to report the incident to the Data Protection Agency. Where possible, a report to the Data Protection Agency of a security incident must be made within 72 hours from the occurrence of the security incident. Therefore, it is important that you report a security incident as soon as you discover it.

Example of the importance of the time factor in relation to the reporting of a security incident:

  • If an employee loses a USB stick on Friday at 12 but fails to complete and submit the internal report (the web form) until Monday morning at 8, the time passed before the Data Protection Agency is notified is counted from Friday at 12, not just from the date of submission of the internal report (the web form).

Examples of security incidents

  • Lost IT equipment (laptop, external hard drive, mobile phone, USB stick, etc.)
  • Inadvertent disclosure of sensitive personal information on the Internet
  • Hacked website
  • Viruses and other malware on your computer
  • Receiving – and replying to – phishing emails
  • Accidental sending of emails to the wrong recipient(s)