Skip to main content

Reporting suspected scams, breaches or theft

The Office of Information Technology encourages all Rutgers community members to exercise caution and avoid scams and other cyber threats. If you are working at the university or working/learning remotely, it is important to report any suspected scams, breaches, or theft to the appropriate parties.

Recognizing an information security incident

An information security incident is any activity which may involve:

  • Misuse of information technology resources, compromise of integrity or loss of confidentiality of university data
  • Threats to availability of resources or misrepresentations of identity using information technology resources
  • Loss or theft of a university-owned computer (or a device storing university data)

Examples include:

  • Suspected abuse/misuse of a university system
  • Spam or phishing that originates from or is relayed through university systems
  • Use of university information technology resources to hack into any non-university computer system
  • Unauthorized use of accounts to access university systems or information
  • Suspected policy violation as described in the university’s Acceptable Use Policy for Information Technology Resources [PDF]
  • Violations of any state, federal, or local law or regulation using university information technology resources

How do I report an information security incident?

All members of the Rutgers University community are expected to immediately report suspected scams, abuses, unauthorized disclosure, loss or theft of restricted or internal data, as well as loss or theft of computing equipment, to their management, dean or department chair, IT leadership, and the Rutgers University Computing Incident Response Team (RU CIRT) at abuse@rutgers.edu.

Below are a list of detailed actions you should take:

Type of Cyber ThreatActions
For suspected phishing or other email scams:
For password compromises – i.e. a malicious link that redirects you to a fake login page – do the following:
All other abuses, unauthorized disclosures or access, loss or theft of restricted or internal data should be reported as follows:Send an email to abuse@rutgers.edu and include the following information in the report:
  • Description of the information security incident along with any relevant attachments
  • Date and time of the event (including time zone)
  • Provide supporting evidence such as system logs or full email headers
  • A general description of the type of data (sensitive information such as Social security numbers, credit card numbers, protected health information (PHI) or other confidential data)

 
What if PHI (Protected Health Information) is involved in the incident?
If PHI (Protected Health Information) or the likelihood of PHI data is involved, contact University Ethics and Compliance at 1-833-783-8442.

What if the incident involves theft of physical assets, a possible crime, or harassment?
Contact the University Police or your local police department to report loss or theft of physical assets or if you suspect that the incident might constitute a crime or involve harassment.

  • Do not delete offending email from your computer until you have contacted your local police and they instruct you to do so.
  • Preserve logs or other evidence.
  • Contact your nearest RUPD division:
    • RUPD – New Brunswick 732-932-7211
    • RUPD – Camden 856-225-6111
    • RUPD – Newark 973-353-5111
    • RUPD – RBHS at Newark 973-972-4491

How do I report issues with personal accounts and services?

For general questions or concerns regarding Information Security topics, submit your inquiries to the IT Governance, Risk, and Compliance team.

For IT staff

The Rutgers University Computing Incident Response Team (RU CIRT) reviews incident reports and dispatches them to the appropriate departmental computing staff for resolution. Learn how to work with RU CIRT to resolve a computer abuse incident.