How-to Instructions

What Is a Security Incident?

A security incident is any activity which results (or may result) in

  • Misuse, damage, denial of service, compromise of integrity, or loss of confidentiality of a network, computer, application, or data (electronic or paper-based).
  • Threats, misrepresentations of identity, or harassment of or by individuals using these resources.

Examples include:

  • Loss or theft of a University-owned computer (or a personal computer/device storing University data).
  • Disclosure of protected data, including paper disclosure, e-mail release or inadvertent posting of data on a web site. Learn more.
  • Suspected abuse/misuse of University of Minnesota Internet password and Duo access.
  • Unauthorized use of the accounts that you use to access University systems or information, which includes escalation of access privilege by an unauthorized person or persons.
  • Spam and mail forgery that originates from, or is relayed through umn.edu. Learn more.
  • Threats to individuals (done in conjunction with law enforcement). Learn more.
  • Suspected information technology policy violation as described in the University Acceptable Use of Information Technology Resources Policy.
  • Root-level or denial-of-service attacks on networking infrastructure, critical systems, or large, multi-purpose or dedicated servers.
  • Attacks launched on others from within umn.edu.

Where to report Security Incidents?

Report security incidents to University Information Security in the Office of Information Technology at abuse@umn.edu.

Do not use the computer or device. Attempting to "fix" a compromised system may interfere with our ability to determine the severity of an incident. Learn more about how to report.

What are signs to watch for?

  • Your co-workers tell you. They have received a spam or phishy email from you. Learn more.
  • Your browser tells you. Unwanted browser toolbars, homepage, or plug-ins appear. You see lots of pop-ups or web page redirects. Your online passwords stop working.
  • Your software tells you. New accounts or programs/apps appear on your device, Anti-virus or malware detection software reports that the virus/malware hasn’t been cleaned or quarantined. You see fake anti-virus message from software you don’t remember installing. Programs are requesting elevated privileges that you did not expect. Programs randomly crash. File names look like garbled nonsense.
  • Your device tells you. Your mobile device suddenly has unexplained very high data or battery usage. Your computer is unexpectedly running slower than normal. Service or application is unavailable when the service or application is normally available.
  • You need to pay. You are asked to pay ransom to access your data (aka ransomware). Charges for premium SMS numbers show up on your bill.
  • You accidentally took action that unknowingly installed malicious content. You clicked on an attachment, clicked on a malicious .exe file when prompted, or visited a website that was infected or contained an infected ad. You downloaded music or software that potentially contained unwanted programs (PUPs).
  • Your email tells you. University Information Security in the Office of Information Technology (abuse@umn.edu) sends you a notice.

If in doubt, reach out by contacting Technology Help or the University Information Security team at abuse@umn.edu.

Why should you be concerned?

  • We are all responsible. Remember, the sooner you respond, the better.
  • Security incidents may expose University data—and data about members of the University community—to potential deletion, modification, or unauthorized release.
  • Federal and state law protects some data, some data is critical to the University's mission and business, and all data is important to the owners.
  • Security incidents may involve the University in threats to people and resources outside the University, for which the University may be liable.
  • Security incidents can deny authorized users access to the resources they need.

  • You may need to take steps to recover from identity theft. Learn more.

To take steps to protect your computer, mobile device, yourself, and the University from these and other security threats, see Practice Safe Computing.