Education Research Current About VU Amsterdam NL
Login as
Prospective student Student Employee
Bachelor Master VU for Professionals
Exchange programme VU Amsterdam Summer School Honours programme VU-NT2 Semester in Amsterdam
PhD at VU Amsterdam Research highlights Prizes and distinctions
Research institutes Our scientists Research Impact Support Portal Creating impact
News Events calendar Biodiversity at VU Amsterdam
Israël and Palestinian regions Culture on campus
Practical matters Mission and core values Entrepreneurship on VU Campus
Governance Partnerships Alumni University Library Working at VU Amsterdam
Sorry! De informatie die je zoekt, is enkel beschikbaar in het Engels.
This programme is saved in My Study Choice.
Something went wrong with processing the request.
Something went wrong with processing the request.

Data leaks and other incidents

Last updated on 16 January 2026
Information about what data breaches are exactly and what you should do if you discover a data breach.

Examples of data breaches include: a lost USB stick containing personal data, a stolen laptop or an email containing personal data that is accidentally sent to the wrong recipient. However, a data breach can also occur as a result of a hacker breaking into a database and/or malicious software hijacking a computer or files. 

Serious data breaches must be reported to the Data Protection Authority by the university within 72 hours of discovery. Below you can read more about security incidents and data breaches and how to respond.

What is it and what should you do?

  • What is a security incident?

    A security incident is an event in which there is a possibility that the confidentiality, integrity or availability of information or information processing systems is or may be compromised. Examples of security incidents include infection with viruses and/or malware, attempts to gain unauthorised access to information or systems (hacking), loss of a USB stick containing sensitive information, theft of data or hardware, or a hacked mailbox.

    Please notify the IT Service Desk of possible incidents.

  • What is a data leak?

    A data leak is a security incident in which personal details may have been lost or may have been accessed, viewed, changed or used by unauthorised persons. Personal details are details that directly or indirectly refer to a person. For example a name, date of birth, address, telephone number, email address, account number, personnel number, student number or transcript.

  • What should I do in the event that a data leak occurs or if I suspect a data leak occurs or if I suspect a data leak may have occured?

    In the event of a data breach or suspected data breach, please contact the IT Service Desk immediately on 020-59 80000 or servicedesk.it@vu.nl. The IT Service Desk will notify the VU's Security and Operations Centre (SOCC) of the report. The SOCC will then assess, together with the VU's Data Protection Officer, whether there has been a data breach that must be reported to the Data Protection Authority and, if necessary, to the persons whose data is involved. In addition, the SOCC will take measures where necessary to retrieve data and restore security.

    Do I need to contact the Data Protection Authority or the individuals concerned myself?
    No, you do not need to do this yourself. If it is necessary to report the incident to the Data Protection Authority and, where applicable, to the individuals whose data is involved, the VU's Data Protection Officer will take care of this. In order to do this properly, it is important that you provide all the requested information as soon as possible.

  • SOCC

    The Security and Operations Control Centre (SOCC) at VU University Amsterdam is a specialised team of IT professionals who are able to respond quickly in the event of a security incident involving computers or networks. The aim is to minimise damage and facilitate the restoration of IT services.


    The SOCC is affiliated with the SURF Community of Incident Response Teams (SCIRT) and collaborates with various domestic and foreign SOCCs.


    The preferred method of contacting the SOCC is by email: socc@vu.nl. During office hours, VUCERT can also be reached by telephone on 020-598 7159.

  • Responsible disclosure

    VU Amsterdam has a Responsible Disclosure policy, meaning that persons reporting security incidents have immunity from criminal prosecution as long as certain very strict conditions have been met.

    Read more about Responsible Disclosure and the conditions

Are you looking for information on these topics too?

Working with personal data

Quick links

Homepage Culture on campus VU Sports Centre Dashboard

Study

Academic calendar Study guide Timetable Canvas

Featured

VUfonds VU Magazine Ad Valvas Digital accessibility

About VU

Contact us Working at VU Amsterdam Faculties Divisions Privacy Disclaimer Safety Web Colophon Cookie Settings Web Archive

Copyright © 2026 - Vrije Universiteit Amsterdam