Reporting a Security Incident

What is a security incident? It is unauthorized access, use, disclosure, modification, or destruction of information. It interferes with Information Technology operation(s) and violates explicit user policy.

Sometimes attempts are obvious, such as phishing emails – but other times a violation may not be as clear. The following are some examples of reportable incidents:

  • Phishing emails.
  • Preventing computers from updating or altering security and network settings.
  • Theft of computers or devices with University data.
  • Use of someone else’s login identity.
  • DDoS attacks.
  • Outside access to internal computer networks.
  • Changing or altering data (such as medical records or cardholder data).

Remember, even if the attempt is not successful, it should still be reported to help prevent further attacks.If you have recognized an incident and need to report it, take the following steps:
  • Send your email to with the subject: Security Incident - High Priority
  • Provide the computer's IP address. Describe the nature of the problem to the best of your ability. Include the date/time of discovery, how the incident was detected, the duration, impact (loss/compromise of data, system downtime, damage to the systems, etc).
  • Copy/paste email message headers, activity logs showing the suspicious or offensive activity. Do not modify the files in any way.
  • Provide your name, title, department, and phone number.

Have questions? We're here to help!

If you have questions about cybersecurity, or if you want to learn more about how to stay safe online, contact the Information Security Office (ISO) at: