Report a data security breach

Report a data security breach

Keep a low threshold when reporting a data breach or suspected data breach. We will investigate all notifications received.

Based on your notification, we will investigate the existence of a data breach and take appropriate action.

We ask that you report an incident via the HelpJYU service, where you will find the form "Report information or data security incident " on the home page. In case of urgency, you can also call to Security Manager on 040 805 3837 (also text messages). However, always make a written report as well.

If you are not a member of the university community and do not wish to use the HelpJYU service, you can send an email to tietoturva(at)jyu.fi. In this case, please write "Data security breach notification" in the subject line of the e-mail. If you wish you can also sent a secure email via the Secure mail service. If you use secure mail, do not use your own phone number in the verification field because we are not able to open the message.

What is a personal data breach?

A personal data breach means an event leading to the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data.

Examples of personal data breaches include

  • lost data transfer devices, such as USB memory sticks
  • stolen computers
  • hacking
  • malware infection
  • cyber attacks
  • fire in the data centre and
  • mailing personal data to the wrong person.

A personal data breach can have consequences such as loss of control over personal data, identity theft or fraud, damage to reputation, or the reversal of pseudonymisation or loss of confidentiality of personal data.

If you are a data processor your report needs to include the following things at least

  1. describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  2.  communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  3.  describe the likely consequences of the personal data breach;
  4.  describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.