Report an Incident

Reporting a data or IT compromise (or risk) IMMEDIATELY is critical to keeping you and our entire Stanford community safe.

How to report a privacy problem or concern

If you’re not sure what type of issue you are facing, follow this procedure:

• During business hours (9am-5pm PST weekdays):

Report a lost/stolen device or data incident now

• For urgent issues during holidays and after-hours (outside of 9am-5pm PST weekdays):
  1. Contact IT Operation Center (ITOC) via the #itoc channel on Stanford’s Slack, AND
  2. Also submit a ticket with the University Privacy Office.

​Note:For any incidents involving UK Biobank data,view the UK Biobank reporting protocols here.

How to report a vulnerability

To report a vulnerability within Stanford University systems or networks, use the link below to create a report for the Information Security Office.

Report an IT vulnerability now

Stanford appreciates cooperation and collaboration with security researchers to ensure the security of its systems through the responsible discovery and disclosure of system vulnerabilities.

How to report an IT incident

For IT security incidents involving security issues with Stanford's computers or networking resources, follow this protocol.

During business hours (9 am-5 pm PST weekdays):

• Contact your local IT support​, AND

Report an IT incident now

For urgent issues during after-hours (outside of 9 am-5 pm PST weekdays):

• Contact UIT Service Desk: 650-725-4357, OR
• Contact ITOC via the #itoc channel on Stanford’s Slack.

Examples

Examples of reportable IT Security incidents include but are not limited to:

• Compromised endpoint (e.g., malware, keylogger, ransomware)
• Compromised server (e.g., malware, unauthorized use/access, unusual activity)
• Compromised Stanford websites (e.g., website defacement)
• Compromised infrastructure (e.g., router, switch, firewall, ICS device)
• Compromised user or email account
• Denial of service (DoS)

How to report specific types of incidents

For specific issues, Stanford has specific experts and protocols in place. Choose the protocol that best matches your concern.

Unauthorized exposure of sensitive data (especially High Risk Data)

Report any data breach or exposure IMMEDIATELY.

Note: For any incidents involving UK Biobank data, view the UK Biobank reporting protocols here.

Protocol

For High Risk Data or High Risk PHI Data compromise, or other unauthorized sensitive data exposure, follow this protocol-

During business hours (9am-5pm PST weekdays):

• Report a data incident (University Privacy Office).

For urgent issues during after-hours (outside of 9am-5pm PST weekdays):

• Contact ITOC via the #itoc channel on Stanford’s Slack, AND
• Also submit a ticket with University Privacy Office.
   

Examples

Examples of a reportable data exposure incident include but are not limited to:

• Information protected by FERPA, GDPR, or HIPAA regulations, including Protected Health Information (PHI)
• Passport and visa numbers
• Social security numbers
• Financial account numbers

Learn more about sensitive data examples and facts.

Lost or stolen electronic device with Stanford data

Report a lost or stolen device (University Privacy Office).

Suspected phishing email

Report a suspected phish with either of these methods:

• Use the Phish Reporter button (preferred), OR
• Forward the email to phishing@stanford.edu. 

Learn more about why and how to report phishing.

Electronic threat to a person’s safety

Report to Stanford Department of Public Safety (DPS):

• Emergencies: Call 9-1-1 
• Non-emergency response: Call 650-329-2413 

Concerns can also be reported using the Threat Assessment and Management form.

Visit onlineharassment.stanford.edu to learn more about protocols, roles, and responsibilities.