IT - Information Security Incident Reporting and Response

Immediately Report Information Security Incidents

Report any suspected or confirmed information security incidents, including email phishing attempts or vulnerabilities in information systems, to itprotect@umass.edu

If you suspect a compromise or unauthorized access to credit card information,
also contact the campus ecommerce representative immediately (pci@admin.umass.edu) to initiate the appropriate response, pursuant to the acquiring bank and card brand incident response procedures.

Violations of policies, such as online threats, harassment, hacking attempts, etc. involving UMass IT accounts and services should be reported to itprotect@umass.edu . If you are concerned for your physical safety related to threats and harassment, contact your closest law enforcement.

Respond to Information Security Incidents

The primary goals of our incident response processes are to, as quickly as possible:

Contain the incident and reduce the risk to people, data, IT systems, and accounts.
Return affected systems, accounts and data back to an operational state.
Comply with the relevant laws, business regulations, policies and standards.

Information security incidents involving university IT equipment, IT accounts, data, or personal devices containing university data can have serious consequences.

Reporting and responding to potential incidents promptly and efficiently helps protect the university's assets (e.g., data, accounts, computers, networks) and helps ensure compliance with state and federal law, business regulations and university policy.

Contact itprotect@umass.edu and review guidance for responding to information Security Incidents for assistance and guidance on responding to Information Security incidents.

Examples of Information Security Incidents

An information security incident is an event that compromises the confidentiality, integrity or availability of university IT systems, accounts or data.

Examples include, but are not limited to:

Social Engineering Attempts
- Phishing/Scam email messages

Endpoint devices or servers compromised by malware.
- Desktops, laptops, and servers infected with malicious software (e.g., Ransomware, malware, viruses).
IT devices/service accessed or modified without authorization.
- Devices accessed and/or modified without appropriate authorization.
- Unauthorized system hacking attempts
Unauthorized access to IT accounts
- Compromised or stolen credentials (e.g., usernames and passwords), credentials lost to phishing scams,
- Unauthorized logins or login attempts on IT devices
Unauthorized access to data
- Accessing data without authorization
- Accidental disclosure of data (E.g. mis-directed email, overly permissive sharing of files, non-public data exposed on a website, etc.)
Lost or stolen computing devices
- Lost or stolen departmental laptops, USB drives, cell phones, or other devices that may contain university data. Report lost or stolen university-owned devices.

Hacking attempts
- Unexpected two-step-login/Multi-factor Authentication (MFA) prompts
- Password Brute-force attacks
- Denial of Service (DDoS/DoS) attacks