Preskočiť na menu Preskočiť na obsah Preskočiť na pätičku
Ministry of Finance of the Slovak Republic - Home
SK

Report an incident

CSIRT MFSR exclusively handles cybersecurity incidents and vulnerabilities related to information systems, infrastructure, data, or misuse of the name of the Ministry of Finance of the Slovak Republic. Reports concerning incidents affecting private individuals or other institutions — especially financial fraud, online scams, or similar attacks that have no connection to the Ministry of Finance of the Slovak Republic — do not fall within the competence of CSIRT MFSR and will not be processed.

Cybersecurity incidents can be reported in the following ways:

  • by email to the official address “incident (at) mfsr.sk” (preferred reporting method),
  • by phone at +421 2 5958 5000 (during working hours only, or in the case of critical incidents by prior arrangement),
  • via secure communication channels (e.g., PGP-encrypted email).

We require as much information as possible about a cybersecurity incident—a clear and detailed description is essential for analysis and subsequent processing.

A cybersecurity incident report consists of a minimum required set of information that every report must include, additional information (if not available at the time of reporting, it will be obtained during incident handling), and attachments needed to resolve the given type of incident.

In the case of sensitive information, please use encryption with our  PGP key (asc, 4,77 kB) 

Detailed structure of a cybersecurity incident report:

  • Minimum required information:
    • Information about the reporting person:
      • full name of the reporter,
      • role/job position.
    • Information about the affected organization:
      • organization name, type of organization,
      • other affected organizations (if the incident impacted additional entities).
    • Information about the incident:
      • type of incident (how to identify the incident type)
      • time and method of detection,
      • is the incident ongoing?,
      • what countermeasures have been taken.
      • Incident severity:
        • affected assets (information systems, devices),
        • impact on the organization’s operations or services.
      • Information about affected assets (information systems, devices):
        • type, function, and criticality of the affected asset in terms of service continuity,
        • does the asset contain non-public information?,
        • contact person for obtaining access to the device,
        • is the asset currently in operation?,
        • URL, IP address, hostname,
        • protocol and ports targeted by the attack,
        • other relevant information.
  • Additional incident information:
    •  Information about the incident:
      • incident start time,
      • were any known vulnerabilities exploited?,
      • detailed description:
        • course of the incident, types of attacks used, origin of the attack,
        • implemented security measures (firewall, antivirus, etc.),
        • were the security measures bypassed?.
    • Information about affected assets:
      • hardware description,
      • software description (operating system type, version, etc.).
  • Attachments to the report:
    • If a malicious file (virus) has been captured, please send it in a compressed and password-protected ZIP archive named “malicious_file” with the password “incident”.
    • If the incident involves an email-based attack (e.g., phishing), please provide the email in .msg or .eml format.