An unauthorized disclosure of sensitive personal identifiable information is considered a data exposure. Examples include when:
- A computer storing information is compromised or stolen.
- Information is made available online or via an external application.
- Paper records with the information are disposed in an unsecure manner.
- Computer media is disposed in an unsecure manner.
If at any time you think there is risk of a data exposure without authorization, immediately report an emergency IT incident by outlining the incident details in an email to it-incident@iu.edu.
After reporting, immediately follow up by calling the units below in order – no matter what time of day or night (or weekday, weekend, or holiday) – until you reach someone:
- University Information Security Office (UISO) directly at 812-855-8476 (9-5 ET, M-F).
- UITS Network Operations Center at 812-855-3699 (24x7).
- UITS Support Center at 812-855-6789 (24x7)
If outside of work hours, ask Network Operations Center or Support Center staff to contact UITS Data Center Operations so that a PAGE can be sent to the UISO. A representative will then call you back.
If the incident involves a possibly compromised computer, do not use the system. This means you should not do a network scan of the system, run antivirus software, patch the system, reboot, unplug any cables, or power off the system. Taking these actions will destroy important forensic data. Instead, wait for instructions after reporting to the UISO.