Security incidents and data breaches: instructions for users

This guide is intended for students, faculty, and staff of the Politecnico di Torino and provides clear, practical guidance on how to recognize, prevent, and report cybersecurity issues and suspected personal data breaches, in compliance with the University’s procedures.

A personal data breach is a security incident that may involve, even accidentally:

  • loss or theft of personal data;
  • unauthorized access to data or systems;
  • unintentional disclosure of information;
  • unavailability of data due to viruses or malware.

A cybersecurity incident or a personal data breach may have significant consequences for:

  • the individuals involved (students, colleagues, third parties);
  • the University;
  • the protection of personal data and the continuity of services.

Even an incident that may seem minor, or a simple suspicion, must be reported. The assessment of severity is not the responsibility of the user, but is carried out by the competent structures of the Politecnico.

Report the incident immediately if, for example, any of the following occurs:

  • loss or theft of computers, smartphones, tablets, USB drives, or hard disks;
  • receipt of suspicious emails (phishing) requesting credentials or personal data;
  • sending emails or documents to the wrong recipients;
  • suspicious access to your institutional account;
  • virus or malware infections;
  • loss of paper documents containing personal or sensitive data;
  • inability to access data or systems due to cybersecurity incidents.

In the event of a suspected security issue:

  • Report the incident immediately to the 5050 Service Desk;
  • Do not delete emails, files, or other evidence;
  • Do not attempt independent solutions that could worsen the situation;
  • Change your access credentials if you suspect they have been compromised.

Timely reporting is essential to reduce risks and enable the University to take appropriate action.

If the incident involves personal data, the University follows a specific internal procedure in accordance with data protection regulations (GDPR).

Reporting allows the University to:

  • assess the risk to the rights and freedoms of the individuals involved;
  • take the necessary measures;
  • comply with the applicable legal obligations.

Useful links

The Polito CSIRT (Computer Security Incident Response Team) is responsible for the technical management of cybersecurity incidents and publishes:

  • security alerts;
  • technical recommendations;
  • information on vulnerabilities and threats.

The CSIRT is not the first point of contact for user reports, which must always be submitted through the 5050 Service Desk.

Who it is intended for

 

Faculty

 

Technical, Administrative, and Library Staff

 

Students