The Office of Information Technology encourages all Rutgers community members to exercise caution and avoid scams and other cyber threats. If you are working at the university or working/learning remotely, it is important to report any suspected scams, breaches, or theft to the appropriate parties.
Recognizing an information security incident
An information security incident is any activity which may involve:
- Misuse of information technology resources, compromise of integrity or loss of confidentiality of university data
- Threats to availability of resources or misrepresentations of identity using information technology resources
- Loss or theft of a university-owned computer (or a device storing university data)
- Suspected abuse/misuse of a university system
- Spam or phishing that originates from or is relayed through university systems
- Use of university information technology resources to hack into any non-university computer system
- Unauthorized use of accounts to access university systems or information
- Suspected policy violation as described in the university’s Acceptable Use Policy for Information Technology Resources [PDF]
- Violations of any state, federal, or local law or regulation using university information technology resources
How do I report an information security incident?
All members of the Rutgers University community are expected to immediately report suspected scams, abuses, unauthorized disclosure, loss or theft of restricted or internal data, as well as loss or theft of computing equipment, to their management, dean or department chair, IT leadership, and the Rutgers University Computing Incident Response Team (RU CIRT) at email@example.com.
Below are a list of detailed actions you should take:
|Type of Cyber Threat||Actions|
|For suspected phishing or other email scams:|
|For password compromises – i.e. a malicious link that redirects you to a fake login page – do the following:|
|All other abuses, unauthorized disclosures or access, loss or theft of restricted or internal data should be reported as follows:||Send an email to firstname.lastname@example.org and include the following information in the report:
What if PHI (Protected Health Information) is involved in the incident?
If PHI (Protected Health Information) or the likelihood of PHI data is involved, contact University Ethics and Compliance at 1-833-783-8442.
What if the incident involves theft of physical assets, a possible crime, or harassment?
Contact the University Police or your local police department to report loss or theft of physical assets or if you suspect that the incident might constitute a crime or involve harassment.
- Do not delete offending email from your computer until you have contacted your local police and they instruct you to do so.
- Preserve logs or other evidence.
- Contact your nearest RUPD division:
- RUPD – New Brunswick 732-932-7211
- RUPD – Camden 856-225-6111
- RUPD – Newark 973-353-5111
- RUPD – RBHS at Newark 973-972-4491
- Contact your service provider for guidance and next steps.
- Change all compromised account passwords and use multi-factor authentication if available.
- If passwords have been reused across several accounts/services, then reset all affected passwords (i.e. Facebook, Twitter, Instagram, etc.). Note that social media accounts can be utilized to authenticate into other systems.
- Report suspected scams to the applicable industry or regulatory agency. A sample listing is included below.
For general questions or concerns regarding Information Security topics, submit your inquiries to the IT Risk, Policy, and Compliance group.
For IT staff
The Rutgers University Computing Incident Response Team (RU CIRT) reviews incident reports and dispatches them to the appropriate departmental computing staff for resolution. Learn how to work with RU CIRT to resolve a computer abuse incident.