Report An Information Security Incident
Experiencing an actual or suspected information security incident? This page contains guidance on how to report different types of incidents, as well as tips on what to do (and what not to) based on the situation. Reporting incidents helps minimize incident impact, while also helping UCI strengthen our defenses against future incidents. Thank you for your help in protecting our campus.
Step 1: RECOGNIZE an Information Security Incident
Here are a few examples:
- You got phished
- Lost or stolen device
- Password theft or compromise
- Your device is infected with malware
- Accidentally disclosing protected information (e.g., via email)
Step 2: REPORT Information Security Incidents, even when in doubt
There are three easy ways to report:
- With U For U App (Report --> Cybersecurity)
- Help Desk 949-824-2222 (x42222)
- Email firstname.lastname@example.org
If you think there has been a HIPAA violation, please use the confidential line to report it to UC Irvine's Health Privacy Officer at 1-888-456-7006 or contact the UCI Health Service Desk at 714-456-3333 and request the Data Security team.
Step 3: HOLD TIGHT, help is on the way
We will review your report and respond.
** If you believe your device may be infected with malware, please take the following precautions to preserve evidence while awaiting a response:
- Don't allow systems to be modified or used
- Don't change or investigate affected systems
- Don't run any anti-virus programs
- Don't turn off the device, unless instructed to by OIT Security or Help Desk
- Don't install patches
- File a report with the UC Irvine Police Department.
- If you a university employee, report it to your supervisor or school administration.
- If you have university restricted data, immediately follow the data breach process above.
If you think your UCInetID password has been stolen or your account has been inappropriately accessed:
- Immediately reset your password.
- Notify the OIT Security Team by emailing email@example.com or contact the UCI Health Service Desk at 714-456-3333 and request the Data Security team.
- Use the My Account Activity application to view your recent UCInetID account activity for common OIT services, verify all the activity is legitimately you.
- If you are a University employee, also notify your supervisor.
- If appropriate, file a report with the UC Irvine Police Department.
Ransomware is a form of maliciuos software that prevents a user from accessing their system, either by locking the screen or by encrypting files. The perpetrator then demands a 'ransom' payment from the victim before restoring access. If you think your system has been infected with ransomware, phone the OIT Help Desk immediately at 949-824-2222 (x42222) and email firstname.lastname@example.org.
To report spamming or other abuse from a UC Irvine system, please send an email to email@example.com.
UC IS-3 Electronic Information Security Policy, section 16.1.2 Reporting Information Security Events
- Workforce Members must promptly report known or suspected Information Security Incidents, Information Security Events, threats or vulnerabilities associated with Institutional Information or IT Resources to the Workforce Manager, Unit Head or CISO.