Report an Incident

An information security incident is any activity which may involve:

• Misuse of technology resources, compromise of integrity or loss of confidentiality of University data (electronic or paper-based).
• Threats to availability of resources (i.e., cyber attack), misrepresentations of identity, or harassment of or by individuals using technology resources.
• Loss or theft of a University-owned computer (or a personal computer/device storing University data).

Immediately discontinue using the device or system that may be involved in a suspected security incident or data breach. Use alternative communication methods via a different device and call Technology Help at tel:612-301-4357 to report the incident to University Information Security. Wait for further instructions before turning the device or system off.

Known or suspected violations should be reported immediately through any one of the following options:

• U Report: The UReport provides a way for University community members to report violations of rules, regulations and policies via phone or online. The report can be made anonymously.
• Via email to security@umn.edu: This email is monitored by staff at OIT University Information Security.  Your report will be reviewed by OIT University Information Security and forwarded to MSI for follow-up as needed. 
• If you suspect you are the victim of a phishing attack, report the attack to phishing@umn.edu.  Additional information about phishing attacks can be found at it.umn.edu/phishing. 
• Unwanted browser toolbars, homepages, or plug-ins appear. You see lots of pop-ups or web page redirects. Your online passwords stop working.
• New accounts or programs/apps appear on your device.
• Anti-virus or malware detection software reports that the virus/malware hasn’t been cleaned or quarantined. You see fake anti-virus messages from software you don’t remember installing.
• Programs are requesting elevated privileges that you did not expect. Programs randomly crash. File names look like garbled nonsense.
• Your mobile device suddenly has unexplained very high data or battery usage.
• Your computer is unexpectedly running slower than normal. Service or application is unavailable when the service or application is normally available.
• You are asked to pay ransom to access your data (aka ransomware). Charges for premium SMS numbers show up on your bill.
• You clicked on an attachment, opened a file, or visited a website that was infected or contained an infected ad. You downloaded music or software that contained unwanted programs.
• University Information Security sends you a notice (security@umn.edu).

If in doubt, contact Technology Help or the University Information Security team at security@umn.edu.

Examples of an incident could include:

• Exposure of University private data (including paper), accidental or inadvertent e-mail, social media, or posting of data on a website. See Report Suspected Data Breach.
• Suspected abuse/misuse of University of Minnesota Internet password and Duo access.
• Unauthorized use of the accounts used to access University systems or information, which includes escalation of access privilege by an unauthorized person or persons.
• Spam and email forgery that originates from or is relayed through umn.edu. See Manage Spam Email.
• Harassment or threats to individuals. Call 911 if you fear for your safety. See Report Electronic Harassment.
• Suspected information technology policy violation as described in the University Acceptable Use of Information Technology Resources Policy.
• Root-level or denial-of-service attacks on networking infrastructure, critical systems, or large, multi-purpose or dedicated servers.
• Attacks launched on others from within umn.edu.