Reporting an Information Security Breach

If you believe an information security breach has occurred, report your concern immediately! Don't delay or assume that it is someone else's responsibility. There is no penalty for reporting a suspected breach. Information Technology Services welcomes your help in keeping University information safe and will respond quickly and confidentially to your report.

University data could be endangered if the information system is accessed by unauthorized individuals or if confidential information has been disclosed to a person not authorized to receive it.

Examples of incidents you should report:

  • Loss or theft of a computer, PDA, or any storage device such as backup media or flash drives which may have contained confidential, sensitive, or personal information
  • Suspected access or use of confidential information inconsistent with university responsibilities, such as accessing information for personal or unapproved reasons
  • Accidental exposure of confidential information to those not authorized to receive it
  • Evidence of suspected attacks against university information systems such as website defacements, possible inappropriate system access, system log files indicating a high number of failed access attempts
  • Loss of paper records containing confidential information

If you suspect a theft, breach, or exposure of confidential information has occurred:

  • Contact Information Technology Services immediately!
  • Inform your supervisor
  • If the incident involves a computer, avoid using it to preserve evidence

Information Technology Services will ascertain the nature of the suspected breach by recording the category of data involved, the scope of the breach, and the steps taken to contain the breach. They will report the incident to the Chancellor and the Office of Information Security. If a theft of university equipment is involved, a police report will be filed.

In accordance with the Information Security Policy, the Office of Information Security will follow the Incident Response Plan to coordinate the incident remediation.

The reporting department and Information Technology Services will cooperate and assist as necessary in the investigation and resolution of the incident.