Report an Incident

Reporting a data or IT compromise (or risk) IMMEDIATELY is critical to keeping you and our entire Stanford community safe.

How to report an IT security or privacy problem (general)

If you’re not sure what type of issue you are facing, follow this procedure:

• During business hours (9am-5pm PST weekdays):
   

  Report a device or data incident now
  
   

• For urgent issues during holidays and after-hours (outside of 9am-5pm PST weekdays):
  1. Contact IT Operation Center (ITOC) via the #itoc channel on Stanford’s Slack, AND
  2. Also submit a ticket with the University Privacy Office.

​Note: For any incidents involving UK Biobank data, view the UK Biobank reporting protocols here.

 How to report specific types of incidents

For specific issues, Stanford has specific experts and protocols in place. Choose the protocol that best matches your concern.

A vulnerability with a Stanford computer/networking resource

Protocol

For IT security incidents involving security issues with Stanford's computers or networking resources, follow this protocol-

During business hours (9am-5pm PST weekdays):

• Contact your local IT support​, AND
• Report to Stanford’s IT Security Office.

For urgent issues during after-hours (outside of 9am-5pm PST weekdays):

• Contact UIT Service Desk: 650-725-4357, OR
• Contact ITOC via the #itoc channel on Stanford’s Slack.
   

Examples

Examples of reportable IT Security incidents include but are not limited to:

• Compromised endpoint (e.g., malware, keylogger, ransomware)
• Compromised server (e.g., malware, unauthorized use/access, unusual activity)
• Compromised Stanford websites (e.g., website defacement)
• Compromised infrastructure (e.g., router, switch, firewall, ICS device)
• Compromised user or email account
• Denial of service (DoS)

Unauthorized exposure of sensitive data (especially High Risk Data)

Report any data breach or exposure IMMEDIATELY.

Note: For any incidents involving UK Biobank data, view the UK Biobank reporting protocols here.

Protocol

For High Risk Data or High Risk PHI Data compromise, or other unauthorized sensitive data exposure, follow this protocol-

During business hours (9am-5pm PST weekdays):

• Report a data incident (University Privacy Office).

For urgent issues during after-hours (outside of 9am-5pm PST weekdays):

• Contact ITOC via the #itoc channel on Stanford’s Slack, AND
• Also submit a ticket with University Privacy Office.
   

Examples

Examples of a reportable data exposure incident include but are not limited to:

• Information protected by FERPA, GDPR, or HIPAA regulations, including Protected Health Information (PHI)
• Passport and visa numbers
• Social security numbers
• Financial account numbers

Learn more about sensitive data examples and facts.

Lost or stolen electronic device with Stanford data

Report a lost or stolen device (University Privacy Office).

Suspected phishing email

Report a suspected phish with either of these methods:

• Use the Phish Reporter button (preferred), OR
• Forward the email to spam@stanford.edu. 

Learn more about why and how to report phishing.

Electronic threat to a person’s safety

Report to Stanford Department of Public Safety (DPS):

• Emergencies: Call 9-1-1 
• Non-emergency response: Call 650-329-2413 

Concerns can also be reported using the Threat Assessment and Management form.

Visit onlineharassment.stanford.edu to learn more about protocols, roles, and responsibilities.