Report An Information Security Incident

Experiencing an actual or suspected information security incident? This page contains guidance on how to report different types of incidents, as well as tips on what to do (and what not to) based on the situation. Reporting incidents helps minimize incident impact, while also helping UCI strengthen our defenses against future incidents. Thank you for your help in protecting our campus.

Step 1: RECOGNIZE an Information Security Incident

Here are a few examples:

  • You got phished
  • Lost or stolen device
  • Password theft or compromise
  • Your device is infected with malware
  • Accidentally disclosing protected information (e.g., via email)

Step 2: REPORT Information Security Incidents, even when in doubt

There are three easy ways to report:

  • With U For U App (Report --> Cybersecurity)
  • Help Desk 949-824-2222 (x42222)
  • Email security@uci.edu

If you think there has been a HIPAA violation, please use the confidential line to report it to UC Irvine's Health Privacy Officer at 1-888-456-7006 or contact the UCI Health Service Desk at 714-456-3333 and request the Data Security team.

Step 3: HOLD TIGHT, help is on the way

We will review your report and respond.

** If you believe your device may be infected with malware, please take the following precautions to preserve evidence while awaiting a response:

  • Don't allow systems to be modified or used
  • Don't change or investigate affected systems
  • Don't run any anti-virus programs
  • Don't turn off the device, unless instructed to by OIT Security or Help Desk 
  • Don't install patches

 

Stolen Computer, Laptop, Phone, Tablet, or other Device


  1. File a report with the UC Irvine Police Department.
  2. If you a university employee, report it to your supervisor or school administration.
  3. If you have university restricted data, immediately follow the data breach process above.

UCInetID Compromised


If you think your UCInetID password has been stolen or your account has been inappropriately accessed:

  1. Immediately reset your password.
  2. Notify the OIT Security Team by emailing security@uci.edu or contact the UCI Health Service Desk at 714-456-3333 and request the Data Security team.
  3. Use the My Account Activity application to view your recent UCInetID account activity for common OIT services, verify all the activity is legitimately you.
  4. If you are a University employee, also notify your supervisor.
  5. If appropriate, file a report with the UC Irvine Police Department.

Ransomware


Ransomware is a form of maliciuos software that prevents a user from accessing their system, either by locking the screen or by encrypting files. The perpetrator then demands a 'ransom' payment from the victim before restoring access. If you think your system has been infected with ransomware, phone the OIT Help Desk immediately at 949-824-2222 (x42222) and email security@uci.edu.

Abuse


To report spamming or other abuse from a UC Irvine system, please send an email to abuse@uci.edu.

Policy


UC IS-3 Electronic Information Security Policy, section 16.1.2 Reporting Information Security Events

  • Workforce Members must promptly report known or suspected Information Security Incidents, Information Security Events, threats or vulnerabilities associated with Institutional Information or IT Resources to the Workforce Manager, Unit Head or CISO.