Security Incident Reporting
Security Incidents
A security incident is any event that could compromise the confidentiality, integrity, or availability of systems or data in the sciCORE+ infrastructure. This includes scenarios like unauthorized access, unusual system behaviour, or misuse of sensitive data, whether intentional or accidental.
In many cases, security incidents begin with more subtle signs or simple mistakes. For instance:
- a phishing email pretending to be a support ticket asking you to click a link
- a login attempt to your user account from an unfamiliar location
- receiving a 2FA prompt when you’re not actively logging in
- a strange or unexpected process running on your machine
- accidentally downloading research data to a personal laptop
- committing sensitive data (like patient information) to a code repository such as GitLab
Once you have recognized such an incident:
- Take a screenshot
- Record the sender’s email address, subject line, and any suspicious links
- Report the case to scicore-security@unibas.ch
Important
Your prompt action can safeguard not only your project, but also the entire sciCORE+ infrastructure!
If you have a concern about a security issue, especially if it involves a potential breach of sensitive health data, please contact us at scicore-security@unibas.ch immediately.
Below is a sample security incident report template tailored for phishing incidents. You can customize it as needed when reporting to the security team.
Example
Security Incident: Suspicious process in compute node
Date/time when first observed
July 13, 2025 - 18:50 CEST
Incident details
I noticed a background process running on my compute node (node123) that I didn’t start. It was using unusually high CPU and network bandwidth. SSH login history shows a session from an unknown IP.
Project or accounts affected
Observed on compute-node123 in tenant-project123; my user account (user123) looks compromised.
Actions taken
Killed the suspicious process, informed the PI and data managers.
Additional information (if any)
Suspicious IP: 100.x.x.x
Process name: ./runme in /tmp
Attached: output of ps aux and last -i