How to Report
Report actual or suspected IT security incidents as soon as possible so that work can begin to investigate and resolve them.
If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.
MiWorkspace Units: Report incidents to the ITS Service Center.
U-M Health System (UMHS): Report incidents to the UMHS Service Desk:
Learn about reporting IT security incidents and how they are handled in this short video: Report an IT Security Incident Video.
What is an Incident?
An IT security incident is attempted or actual:
- Unauthorized access, use, disclosure, modification, or destruction of information
- Interference with information technology operation
- Violation of explicit or implied acceptable use policy
- Compromised user accounts
- Computer system intrusion
- Ransomware infection
- Unauthorized access to, or use of, systems, software, or data
- Unauthorized changes to systems, software, or data
- Loss or theft of equipment used to store or work with sensitive university data
- Denial-of-service attack
- Interference with the intended use of IT resources
Why Report an Incident?
- IIA can help you resolve the incident and recover your account/assets.
- U-M units: if the incident involves the potential for recoverable losses, you must report the incident to IIA* in order to submit a claim on your cyber risk insurance coverage.
- It is U-M policy to report IT security incidents; see Information Security Incident Reporting (SPG 601.25).
* IIA is the liaison to the Office of Risk Management with respect to initiating claims under the cyber risk insurance coverage that Risk Management provides to U-M units.
For Unit IT Staff
See Responding to an IT Security Incident for incident-handling guidelines for U-M units, a quick reference guide, and an operating level agreement that describes the responsibilities of central offices.