Report a Security or Privacy Incident or Breach
To get started, fill out this form so we can learn more about your incident. You can also email itsd@ua.edu and security@ua.edu or call 205-348-5555 to report by phone.
What Should Be Reported?
All cyber incidents at The University of Alabama should be reported and investigated to determine if the information data involved requires an official notification of exposure as determined by regulation (FERPA, HIPAA, PCI) or data management plan contract. Failure to report could result in individual disciplinary action, additional fines from regulatory entities, and/or loss of trust in the University by the community at large.
For suspected ransomware attacks or active remote access by a malicious actor:
- DO NOT POWER OFF THE DEVICE
- Unplug the network cable or disconnect/disable WIFI.
- If networking cannot be disabled and you believe there is a risk of spread, power off the device.
- If you have seen a ransom note, take a picture with your phone and include it in your report.
- Do not touch the device, do not run scans, etc. until OIT Security contacts you.
Ensure you submit the following information in your report:
- Name, Email, and phone number of person reporting
- Date and time of incident
- Name(s) and IP Address(es) of any affected machine(s)
- Username(s) of any associated users
- Is/Are the machine(s) UA owned?
- Names of and full URLs of any websites or cloud services involved.
- Screenshots, pictures, etc. of the issue.
- As much detail as possible about the incident.
What Is Considered an Incident?
An incident can be any unauthorized access to confidential or sensitive data through:
- Any potential or suspected loss of data through hacking, virus or malware.
- A lost device, laptop, phone, tablet or external drive.
- Any unauthorized access, or downloading of confidential or sensitive data.
Depending on the data involved, one or more regulatory entities and/or affected individuals will require prompt notification.
Incident Response Plan
UA students, faculty and staff can view the University’s Incident Response Plan. Note – users must be connected to the campus network to view the plan.