Take the following steps if your laptop, tablet, or phone has been stolen or lost.
The first step should always be to change the passwords, passphrases, and keys for all sensitive accounts you access with the device. Only change passwords on a trusted or 'known' computer, if you are unsure if you can trust the computer you are using, ask your IT support staff.
- CalNet passphrase: https://bpr.calnet.berkeley.edu/account-manager/.
- Any other passwords/passphrases with access to campus systems hosting or transmitting Protected Data that don't require CalNet authentication.
- Google apps keys for bConnected and eduroam Wi-Fi network: https://wifi-keys.berkeley.edu/.
- All other passwords/passphrases for personal accounts that you may have accessed from or stored on the device.
Report the Theft/Loss
If the device is the property of UC Berkeley, used for university business, or accesses university data, report the incident to:
- UC Berkeley Police Department
- Visit https://ucpd.berkeley.edu/make-report
- Get a case number
- Contact your IT support (most often IT Client Services), to help you gather the following information:
- Device serial number and model name/number
- MAC address of the device
- Was the device backed up?
- Was the device part of the Campus Active Directory?
- Did the device have full disk encryption?
- Then email the Information Security Office (firstname.lastname@example.org) with the following information:
- The timeframe of the theft/loss
- Date and time when you changed your CalNet password after the theft or loss
- The location (jurisdiction) of the report you filed
- Include the case number of any filed reports
- Was the device property of UC Berkeley?
- Was there any protected data stored on the device? (https://security.berkeley.edu/data-classification#table)
- Was there any human subject research data stored on the device? (https://cphs.berkeley.edu/review.html)
- What campus shared systems (applications, servers, databases, etc.) did you access from this device?
- Did the device store data that was governed by a Data Use Agreement, Confidentiality Agreement, Non-Disclosure Agreement, or another contract with a third party?
- The information from #2 above