RFC-2350

Contact Information

Team Name
KPN-CERT: The KPN Computer Emergency Response Team.

Address
Koninklijke KPN N.V. Attn: KPN-CERT Witte Kruislaan 47a 1217AM Hilversum

Time Zone
KPN-CERT uses Central European Time (CET), including Daylight Saving Time (DST). As such, it is GMT +0100 in the winter and GMT +0200 in the summer.

Telephone Number
KPN-CERT can only be reached by phone for KPN employees. General contact information for KPN can be found at: https://www.kpn.com/service/.

Email Address
The KPN-CERT can be reached via cert@kpn-cert.nl (primary email address) and info@kpn-cert.nl (for general inquiries only).

In addition to the email addresses listed above, each team member has a personal email address within the @kpn-cert.nl domain. However, for all communication regarding incidents, inquiries, and similar matters, only the above-mentioned email addresses should be used.

General contact information for KPN can be found at: https://www.kpn.com/service/.

In the case of abuse by IP addresses from the KPN network or for phishing emails sent in the name of KPN, these can be reported to the KPN Abuse Desk at abuse@kpn.com.

Responsible disclosure reports can be made via cert@kpn-cert.nl. If applicable, the email can be sent PGP encrypted. For more information and our terms regarding responsible disclosure reports, please consult our responsible disclosure policy: https://www.kpn.com/algemeen/missie-en-privacy-statement/security-vulnerability.htm.

Fax Number
None

Other Communication
None

The usual public PGP Key for KPN-CERT team is the yearly key, which belongs to the e-mailadres: cert@kpn-cert.nl.

The current key:

"KPN-CERT Year 2025 Key (KPN-CERT Year 2025 Key) <cert@kpn-cert.nl>"

Fingerprint: ff76a210184e681ff545b8db1d9f4f500ad5b8c4

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBGdQU7gBCAC+/ojSWsRgAA4cXg31AOlIAewUgaJZ5pQ3b+hFgSyAG3r3VdZI
57ZxEX76UMCsEnHX7YJEfpIRc5MLOPF4g7aFJAxeUdbtntUXN/mLEDobuwtRe7zX
fP0uBBWHDsEnMVSO1ZK5Tefzj2WI/7ogP/q/nMMZriBY5E5PGlIh47UMbP9JkUZE
oKVCZ6j9EFUYiL8B8Lg3POKJ/BcdPr/oTLuFEmqbgciV5wkDHYu8xKp7LTyPK0yK
QZ9JDcwldWcV9D0LU8iX9U3WCkelsoLuMndia1SBtuuwLQHB4y/AftSJK+fX1V5o
aYQI48JEnlqZCUIxslqTJcuKtR0AmhEhvskbABEBAAG0KUtQTi1DRVJUIFllYXIg
MjAyNSBLZXkgPGNlcnRAa3BuLWNlcnQubmw+iQE+BBMBCAAoBQJnUFO4AhsDBQkC
LaqABwsJCAcDAgEGFQgCCQoLAxYCAQIeAQIXgAAKCRAdn09QCtW4xFsyCACiJ5dY
ixV3qR0iuvuD6PT4ZZiJZG4ivQi5rzrwaThcs/YjtfN4YC+oBiBU3EUZIb6I+FxA
Ur6BlUpT91Qc0Yc0jgenVm/YKc3IrYMU6ohIl4nK+XQBPZZ2ZAURBo8iWJ74O4gE
AGBKnA9Sk57dD5Ig4oiLwoVU7lC/51lZ74KVR+uJZ5No4BqmpfGXsd+dheUsA1ae
1YyQdGYEyEsKtq3xp082X6Ftm+SeXnVZaGRLb9qy578yz31I6H2qZnANvDXf+rN1
zE1BxNqDFILHtal24TB/PjnGAhYmD4ng9f/G0WSO8+eTJkdDvkHyH95wU6EX5Bhc
ccYd7boOj7c2Zmc1iQIcBBABCAAGBQJnUFTNAAoJEJ7i/b3Abjak+HEP/ArwYk6T
VledfVdyI0btDzc58ntK6o9umIYq1P5AO7VI+gid7H1/8mS/xvdzQ4izGIvhuWni
iJAe5F8k9miXIGYLEUALNJHNcKuWgpEP+OryWbQkwr4MTGee6WlUvOAlX7nw+13I
21wLpI/7ri/QjSi2anMiUVCihVzpVdcgB5dh6UYUfC8IdIIjZDZsRS+1rxM16Okm
hbvp5jzZFVwXNBUuf2C44NKHUTMsVocLIPVaXXqQYp0NdM4YQxpyQOcx8jFPd2sp
ifcwbv1VV9KAC3ZiukMAegD8U6s3NjBLqOoZ93uMMLEWeqWpPLYov8aHW44CizGv
Gr2nzti2dp2hI72yasS+2TM9dpMH0TOhwsiGpk7jCwhHv+JgHwMWZCduZEPUItwX
mqirEIzYrzRbPwOwfBnpvB7F3H+TgKcLETJo9jP/ddzIija4KQCrrb2BWW4n7AfZ
HR9V0gG1TNK8mVob3fbLxS/a4MLEcYhageZOWXHkE/81viKkxu/bUvXqH+9jXbD+
9kPTIMwWq858vOducZ0VsdrA5skou0Q/M705KxRwc8RQEkgucxaMhplTC2/t2b1U
2RI7jSox1tHbO6DY2KkkADUyuJ2Iif6xlQJNpZ2M7oMGOUNnOjqskqhQxW1oeuo2
OVL6pwPL7mPV/JlpKOG56Aqcfrg8yvf5GpATuQENBGdQU7gBCACycASXJOCneK/v
BpiUJ1egcV1lw6TfXaRn7wVq8SJj8ThDpmohEg5Ag7iTJmCxBvmi9uRz8O/ii/Ll
Z125wHEXb9TstLxHu6tBuyhMjttI9v8qKOW+WiKsyBWSbQiMKGXyNudhVA8VOahG
pHwR/4lZXUut2nKe4inrZl5xFk7xvOWouQQ7vxcN6gJVd5kaJ9+OEwqoRzjWI9B7
iddTIvPfsrHrewYxoTfDkCcOYaPrEGtn2rxaViiTAFO7IicBi/jUYysG3EVa6KLV
T6TSxZ7DYNkKJAJcKubfAqZpfGkkvxf3TE34kieLJeBwKiSauHaR+uDeLNAOr9k9
hHmAikBBABEBAAGJASUEGAEIAA8FAmdQU7gCGwwFCQItqoAACgkQHZ9PUArVuMQ7
EAf/Vr9bYUDSfWq+WD7xgfaOSUEcTm6BfwPbwJjPhcdMwUbzpzZ6spyEJ3m+EYBy
AEHNSbx+DKQJl3TWY45/ZhQyE6qE3GlG6N8lcBvc9LTI+JhVnC8lXmC7LHKFWxcI
WXAsP8Per0T1Ye6qmpd6R3+fXZA5FibVc0RD/Dcb3E+6ryGzpzzuIWlpaNwEoyqp
5PVzURmzXPjtH7Ry2INKYshbM+8DG0BnvpjOy94VTZI9fcNLHMmnPaOgZ2SadrxA
z4D1RxZ1AbmeUTGJdRGMUxSfzKHKGpAMDs9fX7lRihlXBelk97r+NiM63vCOoYcq
lIt12074jSNcaCCMciaesqfukw==
=sznN
-----END PGP PUBLIC KEY BLOCK-----

The Master Key is used to sign all KPN-CERT keys, please don't use this key to encrypt emails to us. Details are below:

"KPN-CERT Master Key"
KeyID: 0xC06E36A4
Fingerprint: 80f74541d5cf03e3fe4532729ee2fdbdc06e36a4

Team Members

KPN-CERT consists of the following members:

Anand Groenewegen
PGP Fingerprint: 8893c00818dbb7a1c4144066edcf556579605851

Andre Oosterwijk
PGP Fingerprint: f3d882a64413b83e1b33e2caf6ac4a17abf8ee07

Coen de Jong
PGP Fingerprint: fbd522c7a1fb95a697cff425dc97e6a992cdc335

Ewoud Smit
PGP Fingerprint: 7a50893899745d419cd727c5081d0e53596b9fae

Freek Bax
PGP Fingerprint: 61d09f81ceb9e8e1fdece4bb81ce9aa2c526cfa5

Johan Storm
PGP Fingerprint: 6df6b32f784b0e94d684f3c7bc12ce9ba96b2bfa

Mandy Mak
PGP Fingerprint: 75bb22c54ec52866ea11398db94d22d3e6a3cb33

Peter Habets
PGP Fingerprint: 05c9edb2b78d0cacd132797fd55f1a60fd92c261

Raul Mercelina
PGP Fingerprint: a06e74febd34687f86b6ef59938a376772f0b740

Roland Vergeer
PGP Fingerprint: 47be56aec7445a27afb5b1e7432bc4a9bfced095

Ted Kruijff
PGP Fingerprint: 58db9483e778be65a345b9dfb9fbd09fba10dff8

Siep van der Waal
PGP Fingerprint: 92caa6f4e46a7dea32305a489e110092876b0df6

Privileges

Mission

KPN-CERT responds to security incidents, enforces mitigation, conducts forensic investigations, collects and analyzes threats, and functions as an advisory body in security-related matters.

Constituency

KPN-CERT is appointed to improve the digital security of KPN and its services.

Sponsorship and/or Affiliation

KPN-CERT is part of and funded by KPN.

Authority

KPN-CERT is part of CISO and reports directly to the KPN Board of Directors. KPN-CERT operates with the authority of CISO.

Policy

Incident Types and Support Level

KPN-CERT is authorized to address all types of security incidents that occur or threaten to occur at KPN.

Collaboration, Communication, and Information Publication

KPN-CERT is a member of various intelligence-sharing communities and works closely with other CERT/CSIRT teams worldwide.

There are legal restrictions and KPN policies on the sharing of information by KPN-CERT. All appropriate measures are taken to respect the confidentiality of team members, KPN systems, and groups of people and organizations. We do not provide personal or technical information about customers in compliance with the law.

Communication and Authentication

Communication takes place through various means, such as phone, email, and in-person. The identity of the communicating party will be verified using the resources available to the CERT.

Services

Incident Response

Incident Triage

All reported incidents are triaged by the Security Operations Center, which is staffed 24/7. In an emergency, the Security Operations Center will contact the KPN-CERT on-call service. All reported incidents are assessed based on risk, impact, and priority and are handled accordingly.

Incident Coordination

During the resolution of an incident, various steps can be taken, including:

• Determining the initial cause of the incident (exploited vulnerability).
• Facilitating contact with other involved parties.
• Facilitating contact with government authorities.
• Notifying other CERT/CSIRT teams.
• Composing announcements to users.
• Escalation and/or crisis management.

Incident Resolution

KPN-CERT is the point of contact for coordinating the resolution of security incidents. This includes enforcing mitigation strategies and leading forensic investigations.

Proactive Activities

KPN-CERT proactively gathers risk intelligence and distributes it where necessary, both within and outside the organization.

Disclaimer

KPN-CERT is not able to guarantee the availability and accuracy of all information on this site. Under no circumstances will KPN-CERT be responsible for damage caused by the absence or inaccuracy of information on this site.