Report a Security Vulnerability

If you have discovered or suspect a security vulnerability on any systems owned or operated by UC Berkeley, please report it immediately:

Report the vulnerability to the Information Security Office by emailing security@berkeley.edu

Please provide as much information as possible. 
Never include sensitive information over email, instead, call us at: (510) 664-9000 (option 4).

Include in your report:

  • Your name and contact information
  • Which systems are affected (IP addresses, hostnames, URLs, etc.)
  • Description of the security vulnerability and steps to reproduce the issue
  • Date and time the vulnerability was discovered
  • Any other known resources affected

If you are an approved participant in the UC Berkeley Vulnerability Disclosure Program:

Report the vulnerability as outlined here:  Vulnerability Disclosure Program - Reporting Process

Quick Links

Report a Security Incident 
How to report Security Incidents such as an intrusion, breach, and computer/network misuse

Respond to a Security Notice ⇢
How to respond if  you have received a security notice from the Information Security Office

Report a Stolen or Lost Device ⇢
Steps to take if your laptop, tablet, or phone has been stolen or lost

Request a Policy Exception ⇢
Instructions to request an exception to the campus minimum security standards

Submit an Off-Site Hosting Request ⇢
Request to host data services off-campus with a third-party service provider