Skip to toolbar

Education & Training

Office of Information Security

What to Do in Case of a Security Incident

Use the guidelines below to determine what steps to take when a security incident occurs – whether it involves a personal or University owned device, a Penn State network or server, confidential or sensitive information, a Penn State user or admin account, infection with malicious software such as a virus, ransomware, spyware, or trojan, or unauthorized access of any kind.

WHEN TO REPORT THE INCIDENT IMMEDIATELY BY PHONE

CALL THE OFFICE OF INFORMATION SECURITY (OIS) IMMEDIATELY at (814) 863-7804 to report the incident if you suspect that it may involve one or more of the following:

  • Unauthorized access to sensitive data – data classified as Level 3 (High) or Level 4 (Restricted) as defined in the Information Classification Decision Tool,
  • Unauthorized access to data stored in a secure enclave,
  • Intellectual property owned by a Penn State funding partner,
  • The potential for severe financial, reputational, legal or regulatory impact,
  • Widespread or critical system disruption, and/or
  • An attack that appears targeted, sophisticated, or based on inside information.

Refer to the Security Response Quick Guide for additional guidance and action items – including what NOT to do.

WHEN TO REPORT THE INCIDENT BY EMAIL

Email security@psu.edu to report the incident if it does not meet the above criteria, but involves any of the following:

  • Unauthorized access to data that is not classified as Level 3 or Level 4 in the Information Classification Decision Tool (including alteration, deletion, and loss of access to such data),
  • Intellectual property owned by Penn State that does not meet the criteria for urgent reporting,
  • A University-owned device,
  • Disrupted availability of Penn State resources (including denial of service),
  • Unauthorized use of your Penn State account
  • A personal device that contains University data,
  • A personal device that was used to log into a system that contains confidential Penn State data, or
  • A personal device that was used to log into any Penn State resource with a privileged account such as an admin account.

Refer to the Security Response Quick Guide for additional guidance and action items – including what NOT to do.

WHAT TO DO WHEN REPORTING IS NOT REQUIRED

If the incident is limited to your own personal device or a personal account (for example, your gmail or FaceBook account) AND does not meet any of the criteria listed above, it is not necessary to report the incident to the Office of Information Security.

Click each topic below to expand it.

don't modify this so accordion stays closed

If you discover that someone has gained access to your Penn State ID and password

  1. Change your password immediately:  Visit Forgot Your Password on the Penn State Account management website and follow the prompts. For more detailed instructions, refer to knowledge article Reset My Penn State Account Password (I Forgot It)
    Note:  The system partially displays the email address to which the password reset email will be sent. If you don’t recognize the email address (or don’t receive a password reset email), contact the IT Service Desk immediately for assistance.
  2. Verify that your forwarding email address has not been changed in Office 365. See knowledge article Manage Email Forwarding using Outlook on the Web to learn how.
  3. Confirm that your account information has not been updated:  Log in to accounts.psu.edu to confirm that information such as your recovery email address, street address, phone number and two-factor authentication devices have not been updated by the person who accessed your account.  Consider logging in to LionPATH and/or Workday as well to check for unauthorized changes.
  4. Learn how to keep your account safe going forward:  Visit Protect your devices, your data, and your account on this website.

If your personal device has been infected with a virus, ransomware, spyware, or other malicious software

  1. Don’t panic!
  2. Isolate your device to avoid passing along the infection. Disconnect your device from any external storage devices (USB Drive, External Hard Drive), network connections (wired or Wi-Fi internet and local area network connections).
  3. Use another device to search the web for information on resolving the issue, enlist the help of a technically savvy friend, or engage professional help to determine next steps.
    Note that Penn State recommends reformatting a device rather than attempting to remove the malware.
  4. If you need additional help, contact the IT Service Desk at (814) 865-HELP (4357) to learn about technical support available through Penn State Knowledge Commons.
  5. Learn how to avoid future attacks: See Protect your devices, data and account for steps you can take.