0x00

Report a cybersecurity incident

If you discover a potentially security-relevant incident or vulnerability, we kindly ask you to report it to us as soon as possible. Depending on the type of security incident, it is absolutely necessary to act promptly.

The easiest and safest way to report an incident is by using our Report Assistant. This form can be filled out anonymously if desired. However, we ask you to include your name and contact information so that we have the possibility to get back to you in case additional questions arise or simply to give you advice on how to prevent this type of security incident in the future.

If you have any further questions concerning cybersecurity or would like to report an incident via phone or e-mail, please find a complete list of contact details in our contact section. If you wish to report an incident via e-mail, we recommend that you use the provided PGP key.

All information provided to us will of course be treated confidentially in accordance with our Information Disclosure Policy.

0x01

Submit a report

An error occurred. Please contact us using a different channel.

Verification failed. Please make sure all fields are filled in correctly.

Captcha verification failed. Please try again.

We could not process your report. Please try again later.

PGP encryption is not available. Please contact us using a different channel.

Please check your internet connection and try again.

We have received your report and will process it shortly.

0x02

What is a security event or incident?

An information security event is a specific event that may have an impact on a system, service or network and indicates a possible violation of information security policies, a failure of safeguards or a previously unknown situation that could pose a security risk.

An information security incident is a single incident or a series of unwanted or unexpected security-related incidents that are considered most likely to compromise business operations or information security. In this context, “information security” refers to the protection of confidentiality and integrity as well as the availability of information.

0x03

How to disclose security incidents responsively

In the event that you discover a security incident or vulnerability, we ask you to follow a few simple guidelines in order to allow us to resolve it as quickly as possible and to work out preventive measures.

The first step is to report the incident to us immediately. Most importantly, however, it is essential that no information about the discovered incident is released to the public until GOVCERT.LU has implemented all necessary measures to resolve it.

Please refer to our Responsible Disclosure Policy for more information on the responsible disclosure of security incidents and use our Report Assistant to report the discovered vulnerability in a secure and easy manner.

0x04

Hall of fame

Here is a list of the individuals and organisations that explicitly helped us in improving the cybersecurity situation in Luxembourg, by reporting discovered IT security and vulnerability issues.

Before reporting an incident, we ask you to read the Responsible Disclosure Policy.