Report a Security Incident

What is a Security Incident?

A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information. This includes interference with information technology operation and violation of campus policy, laws or regulations.

Examples of security incidents include:

Computer system breach
Unauthorized access to, or use of, systems, software, or data
Unauthorized changes to systems, software, or data
Loss or theft of equipment storing institutional data
Denial of service attack
Interference with the intended use of IT resources
Compromised user accounts

It is important that actual or suspected security incidents are reported as early as possible so that campus can limit the damage and cost of recovery. Include specific details regarding the system breach, vulnerability, or compromise of your computer and we will respond with a plan for further containment and mitigation.

How to report a security incident

email: security@berkeley.edu(link sends e-mail)

phone: (510) 664-9000 (option 4)

Important: If the incident poses any immediate danger, contact UCPD immediately at (510) 642-3333 or call 911

Information to include in the report:

Your name
Department
Email address
Telephone number
Description of the information security problem
Date and time the problem was first noticed (if possible)
Any other known resources affected

What should I do if I suspect a serious Security Incident?

A security incident is considered serious if the campus is impacted by one or more of the following:

potential unauthorized disclosure of sensitive information
serious legal consequences
severe disruption to critical services
active threats
is widespread
is likely to raise public interest

Sensitive information is defined in the UCB Data Classification Standard and includes personally identifiable information that is protected by laws and regulations, as well as confidential research protected by data use agreements, such as:

Social security number
Credit card number
Driver's license number
Student records
Protected health information (PHI)
Human subject research

If you know or suspect that the compromised system contains sensitive data, please take these steps:

Do not attempt to investigate or remediate the compromise on your own
Instruct any users to stop work on the system immediately
Do not power down the machine
Remove the system from the network by unplugging the network cable or disconnecting from the wireless network
Report the incident using the instructions above

In the case of a serious incident, please be aware that continued interaction with a compromised machine can severely affect later forensic analysis

How do I report Computer or Network Misuse?

A security incident may also refer to the inappropriate use of computers and the campus network. Common violations and examples of misuse include:

Communications for commercial or political marketing purposes
Email spam
Copyright infringement allegations

If the misuse in question originated from a campus email address, network connection, or resides on a Berkeley website, email:

abuse@security.berkeley.edu

Otherwise, complaints must be directed to the off-campus service provider. You may use the Abuse.net tools to look up the appropriate service provider:

For information about how to respond to online copyright infringement allegations, see the following list of resources: The Digital Millennium Copyright ACT (DMCA) and Related Resources

Quick Links

Report a Security Incident ⇢
How to report Security Incidents such as an intrusion, breach, and computer/network misuse

Respond to a Security Notice ⇢
How to respond if you have received a security notice from the Information Security Office

Report a Stolen or Lost Device ⇢
Steps to take if your laptop, tablet, or phone has been stolen or lost

Request a Policy Exception ⇢
Instructions to request an exception to the campus minimum security standards

Submit an Off-Site Hosting Request ⇢
Request to host data services off-campus with a third-party service provider