Report an Incident or Vulnerability

All suspected or confirmed privacy, vulnerability or data security incidents must be reported in accordance with UCOP policy. All reports are to be made as soon as possible after the incident is identified, and with minimal delay for medium to high severity incidents or vulnerabilities.

*! Form is best viewed in Firefox or Chrome. If you are unable to view the form, send an e-mail to AND cc with the following: Employee name, UCOP e-mail address, type of incident and description.

What is a Security Incident?

A security incident is attempted or actual:

  • Compromised user accounts
  • Denial of service attack
  • Interference with information technology operation
  • Interference with the intended use of IT resources
  • Loss or theft of equipment used to store or work with sensitive UCOP data
  • Phishing, spear phishing or suspect e-mail/attachment
  • Supplier practicing poor information security or Supplier’s failure to comply with policy
  • Unauthorized access to, or use of, systems, software, or data
  • Unauthorized access, use, disclosure, modification, or destruction of information
  • Unauthorized changes to systems, software, or data
  • Violation of UC policy, laws or regulations