Data Security Incidents

What is a data security incident?

A ‘data security incident’ is a catch-all term for different types of unauthorized activity involving computing devices and/or sensitive data. Members of the University community can use this page to learn about different types of data security incidents, the appropriate response procedures, and the consequences for mishandling them.

Types of Data Security Incidents

  • Computing Devices Compromised by Malware (Most Common) Desktops, laptops, and servers are often infected with malicious software (e.g., viruses, malware). If the infected device contains sensitive University data, this may constitute a data security incident. If a server is compromised, IT Administrators should contact the security staff on their campus.
  • Computing Devices Accessed without Authorization (Non-Malware) These include University devices accessed without permission – stolen or compromised credentials (e.g., user names and passwords), credentials lost to phishing scams, and other attempts to access a device without authorization (e.g., former employees).
  • Lost or Stolen Computing Devices These include lost or stolen departmental laptops, USB drives, cell phones, or other devices that may contain sensitive data, or personal computing devices with sensitive University data. Report lost or stolen University-owned devices to your local police department and the IT security staff on your campus.

How do I report a data security incident?

Please contact the UMSO Help Desk.