Report a Security Incident

It is important that actual or suspected security incidents are reported as early as possible.  The speed with which the campus can respond to an incident can limit the damage and minimize the cost of recovery.

Report security incidents by email to:

Or by phone:  (510) 664-9000 (options 1, 1, 3)

Important:  If the incident poses any immediate danger, contact UC Police immediately at (510) 642-3333 or call 911

When you report an incident, please provide as much information as possible including:

  • Your name
  • Department
  • Email address
  • Telephone number
  • Description of the information security problem
  • Date and time the problem was first noticed (if possible)
  • Any other known resources affected

Include specific details that indicate a system breach, vulnerability, or compromise of your computer.  The Information Security & Policy team will respond to the reported incident with a plan for further containment and mitigation.

What is a Security Incident?

A security incident is attempted or actual:

  • Unauthorized access, use, disclosure, modification, or destruction of information
  • Interference with information technology operation
  • Violation of campus policy, laws or regulations

Examples of security incidents include:

  • Computer system intrusion
  • Unauthorized access to, or use of, systems, software, or data
  • Unauthorized changes to systems, software, or data
  • Loss or theft of equipment used to store or work with sensitive university data
  • Denial of service attack
  • Interference with the intended use of IT resources
  • Compromised user accounts

Back to Top

What should I do if I suspect a serious Security Incident?

A security incident is considered serious if the campus is impacted by one or more of the following:

  • potential unauthorized disclosure of sensitive information
  • serious legal consequences
  • severe disruption to critical services
  • active threats
  • is widespread
  • is likely to raise public interest

Sensitive information is defined in the UCB Data Classification Standard and includes personally identifiable information that is protected by laws and regulations, as well as confidential research protected by data use agreements, such as:

  • Social security number
  • Credit card number
  • Driver's license number
  • Student records
  • Protected health information (PHI)
  • Human subject research

If you know or suspect that the compromised system contains sensitive data, please take these steps to respond:

  • Do not attempt to investigate or remediate the compromise on your own
  • Instruct any users to stop work on the system immediately
  • Do not power down the machine
  • Remove the system from the network by unplugging the network cable or disconnecting from the wireless network
  • Report the incident using the instructions above

In the case of a serious incident, please be aware that continued interaction with a compromised machine can severely affect later forensic analysis.

Back to Top

How do I report Computer or Network Misuse?

A security incident may also refer to inappropriate use of computers and the campus network.  Common violations and examples of misuse include:

  • Communications for commercial or political marketing purposes
  • Email spam
  • Copyright infringement allegations

If the misuse in question originated from a campus email address, network connection, or resides on a Berkeley website, email:

Otherwise, complaints must be directed to the off-campus service provider. You may use the tools to look up the appropriate service provider:

For information about how to respond to online copywright infringement allegations, see the following list of resources:  The Digital Millennium Copyright ACT (DMCA) and Related Resources

Back to Top