Support and advice on IT security incidents

If you notice security-relevant events (e.g. hacking, misuse, unusual system or network behavior) or even just have a suspicion to this effect:

  • Report the incident to security@luis.uni-hannover.de or call us (0511 762 9996)
  • If possible, disconnect the affected system from the network (pull the Ethernet cable, deactivate WLAN or switch off the computer "hard", e.g. by pressing the on/off button for a long time.).

If possible, specify the following points in the message:

  • Affected system (operating system, computer name or network address)
  • What was noticed and when?
  • Contact address / phone of the responsible IT representative (see here)

We will then contact you or the system administrator immediately and discuss the next steps together.

  • Cleanup of a compromised system
    The only way to clean a compromised system is to flatten and rebuild.
    Jesper M. Johansson, Microsoft Corporation, 2004 (still current)

    Flatten and rebuild refers to the re-setting/resetting of an operating system. This is a best practice for any kind of malware/virus attack. It is not sufficient to clean the affected system with virus scanners or similar. Likewise, the integrity and confidentiality of the data on the affected system cannot be guaranteed.

    The original article from the Microsoft documentation which describes the procedure is linked here:
  • Changing stored / entered access data

    If a system is compromised, we recommend changing all stored and entered access data. It cannot be ruled out that password memories have been read or password entries have been recorded by malware.

  • Notification of data protection breaches according to Art. 33 DSGVO

    IT security incidents often involve a breach of personal data protection. Examples may include the compromise of an email account or the loss of a data carrier containing personal data.

    Pursuant to Article 33(1) of the GDPR, the breach must be notified to the competent supervisory authority within 72 hours after it becomes known.

    The applicable circular and the associated notification form can be found here (internal).

  • Prevention / Preventive measures
    The LUIS security team offers security awareness and preventative measures for the secure use of IT at LUH:
  • If encrypted communication is desired

    If you would like to communicate with the security team in encrypted form, please indicate this in your request to security@luis.uni-hannover.de. A member of staff will then contact you directly by encrypted mail.

Related topics


IT Security
Security team
IT Security
Security team
Hotline IT-Service-Desk
Office hours
The IT service desk is currently available by phone Monday to Friday 8:00 a.m. – 5:00 p.m.
Hotline IT-Service-Desk
Office hours
The IT service desk is currently available by phone Monday to Friday 8:00 a.m. – 5:00 p.m.