Reporting Security Incidents

All individuals are required to immediately report to the University Information Policy Office (UIPO) any:

  • suspected or actual security breaches of information – whether in printed, verbal, or electronic form – or of information systems used in the pursuit of the university's mission.
  • abnormal systematic unsuccessful attempts to compromise information – whether in printed, verbal, or electronic form – or information systems used in the pursuit of the university's mission.
  • suspected or actual weaknesses in the safeguards protecting information – whether in printed, verbal, or electronic form – or information systems used in the pursuit of the university's mission.

The University Information Policy Office (UIPO) responds to and investigates incidents related to misuse or abuse of Indiana University information and information technology resources, regardless of the campus or unit involved. This includes computer and network security breaches, privacy breaches or concerns, and unauthorized disclosure or modification of institutional or personal information.

For more information on information security incident management at IU, see: Information Security Incident Management, and ISPP-26 Policy: Information and Information System Incident Reporting, Management, and Breach Notification.

Reporting incidents involving sensitive data

In the event of an incident concerning the possible exposure or loss of sensitive institutional or personal data, you must report the incident to the UIPO as soon as the incident is suspected. For more information on reporting these incidents, see: Reporting Sensitive Data Exposures.

Reporting HIPAA violations

HIPAA (Protected Health Information) violations must be reported to the University HIPAA Privacy and Security Compliance Office, the Interim University HIPAA Privacy Officer at 317-278-4521, the Interim University Security Officer at 317-278-8751, or by using the Confidential Hotline at 877-526-6759.

Other incidents

For non-emergency reports of information and information technology security, abuse incidents, privacy incidents or concerns, identity theft, or a weakness in the protection of sensitive institutional or personal data, contact the UIPO. They will coordinate the investigation, involve the appropriate IU units, and help assess and mitigate potential threats.

To report these types of incidents use one of the following options:

Security & Policy Blog Posts

  • Drupal announced the availability of a patch to fix a critical SQL injection vulnerability in Drupal 7.
  • Creating and maintaining a disaster recovery plan for departments and thier critical services
  • How workplace culture affects information security and how that culture can be improved.
  • The FBI has issued a public service bulletin regarding recent cyber-crimes which target university employees and students. Criminal activities involve payroll and IRS filings.

    Recent Security Bulletins

  • Adobe Flash is vulnerable to exploit that could allow an attacker to take control of the affected system.
  • Vulnerability in SSL 3.0
  • Critical Bash Exploit: Shellshock
  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g