Information Security Incident Reporting and Response


Immediately Report Information Security Incidents

Report any suspected or confirmed information security incidents, including email phishing attempts or vulnerabilities in information systems, to itprotect@umass.edu

If you suspect a compromise or unauthorized access to credit card information,
also contact the campus ecommerce representative immediately (pci@admin.umass.edu) to initiate the appropriate response, pursuant to the acquiring bank and card brand incident response procedures.

Violations of policies, such as online threats, harassment, hacking attempts, etc. involving UMass IT accounts and services should be reported to itprotect@umass.edu  . If you are concerned for your physical safety related to threats and harassment, contact your closest law enforcement.


Respond to Information Security Incidents

The primary goals of our incident response processes are to, as quickly as possible:

 

Information security incidents involving university IT equipment, IT accounts, data, or personal devices containing university data can have serious consequences.

Reporting and responding to potential incidents promptly and efficiently helps protect the university's assets (e.g., data, accounts, computers, networks) and helps ensure compliance with state and federal law, business regulations and university policy.

Contact itprotect@umass.edu and review guidance for responding to information Security Incidents for assistance and guidance on responding to Information Security incidents.

Examples of Information Security Incidents

An information security incident is an event that compromises the confidentiality, integrity or availability of university IT systems, accounts or data.

Examples include, but are not limited to: