Reporting Security Incidents

All individuals are required to immediately report to the University Information Policy Office (UIPO) any:

  • suspected or actual security breaches of information – whether in printed, verbal, or electronic form – or of information systems used in the pursuit of the university's mission.
  • abnormal systematic unsuccessful attempts to compromise information – whether in printed, verbal, or electronic form – or information systems used in the pursuit of the university's mission.
  • suspected or actual weaknesses in the safeguards protecting information – whether in printed, verbal, or electronic form – or information systems used in the pursuit of the university's mission.

The University Information Policy Office (UIPO) responds to and investigates incidents related to misuse or abuse of Indiana University information and information technology resources, regardless of the campus or unit involved. This includes computer and network security breaches, privacy breaches or concerns, and unauthorized disclosure or modification of institutional or personal information.

For more information on information security incident management at IU, see: Information Security Incident Management, and ISPP-26 Policy: Information and Information System Incident Reporting, Management, and Breach Notification.

Reporting incidents involving sensitive data

In the event of an incident concerning the possible exposure or loss of sensitive institutional or personal data, you must report the incident to the UIPO as soon as the incident is suspected. For more information on reporting these incidents, see: Reporting Sensitive Data Exposures.

Reporting HIPAA violations

HIPAA (Protected Health Information) violations must be reported to the University HIPAA Privacy and Security Compliance Office, the Interim University HIPAA Privacy Officer at 317-278-4521, the Interim University Security Officer at 317-278-8751, or by using the Confidential Hotline at 877-526-6759.

Other incidents

For non-emergency reports of information and information technology security, abuse incidents, privacy incidents or concerns, identity theft, or a weakness in the protection of sensitive institutional or personal data, contact the UIPO. They will coordinate the investigation, involve the appropriate IU units, and help assess and mitigate potential threats.

To report these types of incidents use one of the following options:

Security & Policy Blog Posts

  • We have received approximately 15 reports from faculty and staff who have had a fraudulent 2013 federal tax return submitted to the IRS in their name. There is no evidence the tax fraud is a result of a disclosure of information that originated from IU.
  • On March 24th 2014, Microsoft released an advisory describing a vulnerability in all supported versions of Microsoft Word.
  • Apple has released critical security updates to address a dangerous bug in Apple's implementation of SSL/TLS that affects multiple versions of iOS 6, iOS 7, Apple TV OS 6, OS X 10.9 (Maverics).
  • Older version of NTP with outdated configuration may allow servers to be used in a Denial of Service attack

    Recent Security Bulletins

  • Vulnerability in OpenSSL versions 1.0.1 before 1.0.1g
  • New ransomware named CryptoLocker threatens to destroy data unless a payment is made.
  • Critical Java Vulnerability included in Exploit Kit
  • This bulletin details four recently published, critical rated, vulnerabillies in Adobe ColdFusion and ways to mitigate the risk of them being exploited including the hotfix for supported versions.