How-to

Recognize and Report Information Security Incidents

Report an Information Security Incident

Report suspected information security incidents immediately to University Information Security (UIS). Call 911 if you fear for your safety.

  1. Send email with details to security@umn.edu. UIS will contact you with next steps.
  2. If a specific computer, device or server is involved:
  • Leave the device powered on.
  • Disconnect the device from the network (unplug network cable or turn off WiFi).
  • Do not use or clean the device. Attempting to "fix" a compromised system may interfere with our ability to determine the severity of an incident.

Recognize an Information Security Incident

An information security incident is any activity which may involve:

  • Misuse of technology resources, compromise of integrity or loss of confidentiality of University data (electronic or paper-based).
  • Threats to availability of resources (i.e., cyber attack), misrepresentations of identity, or harassment of or by individuals using technology resources.
  • Loss or theft of a University-owned computer (or a personal computer/device storing University data).

Examples include:

  • Exposure of University private data (including paper), accidental or inadvertent e-mail, social media, or posting of data on a web site. See Report Suspected Data Breach.
  • Suspected abuse/misuse of University of Minnesota Internet password and Duo access.
  • Unauthorized use of the accounts used to access University systems or information, which includes escalation of access privilege by an unauthorized person or persons.
  • Spam and email forgery that originates from or is relayed through umn.edu. See Manage Spam Email.
  • Harassment or threats to individuals. Call 911 if you fear for your safety. See Report Electronic Harrassment.
  • Suspected information technology policy violation as described in the University Acceptable Use of Information Technology Resources Policy.
  • Root-level or denial-of-service attacks on networking infrastructure, critical systems, or large, multi-purpose or dedicated servers.
  • Attacks launched on others from within umn.edu.

Symptoms to watch for include, but are not limited to:

  • Unwanted browser toolbars, homepage, or plug-ins appear. You see lots of pop-ups or web page redirects. Your online passwords stop working.
  • New accounts or programs/apps appear on your device.
  • Anti-virus or malware detection software reports that the virus/malware hasn’t been cleaned or quarantined. You see fake anti-virus message from software you don’t remember installing.
  • Programs are requesting elevated privileges that you did not expect. Programs randomly crash. File names look like garbled nonsense.
  • Your mobile device suddenly has unexplained very high data or battery usage. Your computer is unexpectedly running slower than normal. Service or application is unavailable when the service or application is normally available.
  • You are asked to pay ransom to access your data (aka ransomware). Charges for premium SMS numbers show up on your bill.
  • You clicked on an attachment, opened a file, or visited a website that was infected or contained an infected ad. You downloaded music or software that contained unwanted programs
  • University Information Security sends you a notice (security@umn.edu).

If in doubt, reach out by contacting Technology Help or the University Information Security team at security@umn.edu.

Why do we care about information security?

  • We are all responsible. Remember, the sooner you report, the better.
  • Security incidents may expose University data—and data about members of the University community—to potential deletion, modification, or unauthorized release.
  • Federal and state law protects some data, some data is critical to the University's mission and business, and all data is important to the owner.
  • Security incidents may involve the University in threats to people and resources outside the University, for which the University may be liable.
  • Security incidents can deny authorized users access to the resources they need.

To take steps to protect your computer, mobile device, yourself, and the University from these and other security threats, see Practice Safe Computing.

Intended Audience

Students
Instructors
Researchers
Staff & Departments
IT Staff and Partners