Report an IT Security Incident | safecomputing.umich.edu

How to Report

Report IT security incidents to [email protected].

Find out about reporting IT security incidents and how they are handled in this short video:

Text Summary: Report an IT Security Incident Video.

Report actual or suspected IT security incidents as soon as possible so that work can begin to investigate and resolve them.

If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.

You can also report IT security incidents within your unit or department.

MiWorkspace Units: You can report incidents to the ITS Service Center.
Michigan Medicine: Report incidents to the Health Information Technology & Services (HITS) Service Desk by calling 734-936-8000.
All Other Units: You can report incidents to the Security Unit Liaison designated by your school, college, or department or to your IT department.

Unsure where to report an incident? You can always report it to [email protected].

What Is an Information Security Incident?

An information security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information; interference with information technology operations; or significant violation of the university policy on Responsible Use of Information Resources (SPG 601.07). Examples of information security incidents include:

Computer system intrusion
Unauthorized or inappropriate disclosure of institutional data.
Suspected or actual breaches, compromises, or other unauthorized access to U-M systems, data, applications, or accounts
Unauthorized changes to computers or software
Loss or theft of computer equipment or other data storage devices and media (e.g., laptop, USB drive, personally owned device used for university work) used to store university data as defined in the policies on Institutional Data Stewardship (SPG 601.12) and Research Data Stewardship (SPG 303.06)
Denial of service attack or an attack that prevents or impairs the authorized use of networks, systems, or applications
Interference with the intended use or inappropriate or improper usage of information technology resources

Why Report an Incident?

ITS Information Assurance (IA) can help you resolve the incident and recover your account/assets.
U-M units: if the incident involves the potential for recoverable losses, you must report the incident to IA* in order to submit a claim on your cyber risk insurance coverage.
It is U-M policy to report IT security incidents; see Information Security Incident Reporting (SPG 601.25).

* IA is the liaison to the Office of Risk Management with respect to initiating claims under the cyber risk insurance coverage that Risk Management provides to U-M units.

For Unit IT Staff

See Responding to an IT Security Incident for a quick reference guide, IT Security Incident Management Guidelines for U-M Units for detailed guidelines, and Incident Response Operating Level Agreement (OLA) for an overview of the responsibilities of central offices. See also Incident Response Roles and Responsibilities.

Report Phishing

Google at U-M users can forward phishing email to [email protected]; include what Google calls the original message. Michigan Medicine Outlook/Exchange users can use a Report Phishing button. For details, see Report Phishing.