Report an incident

Security incidents

How to report a security incident

Please contact the Oxford University Emergency Response team (OxCERT) via email on oxcert@infosec.ox.ac.uk to report an incident.

For urgent inquiries contact the team at +44 1865 282 222 or phone extension 82 222. 

 

When reporting the incident please provide as much detail as possible including:

  • Affected system and users (hostname, IP address, user names and account types)
  • Date the incident occurred
  • Symptoms
  • Impact
  • Has the incident been handled or do you need support?
  • Are there any mitigations in place?
  • Is personal or sensitive personal data at risk?

How to report a potential data breach 

If you suspect a data breach has occurred please also email the Information Compliance Team (ICT): data.breach@admin.ox.ac.uk for all potential breaches involving personal data. You should do this in addition to contacting OxCERT, not instead of doing so.

 

Suspected phishing message

How to report a suspect phishing message

If you wish to report a phishing or other malicious email, please forward the message to phishing@infosec.ox.ac.uk.

 

Remember to tell us whether or not you:

Please note that the suspect phishing reporting service cannot respond to reports of spam messages or other forms of unsolicited email.

To help reduce phishing incidents we are updating the University (SSO) log-in process. Find out more information about the changes to how you log-in.

Suspected ransomware incident

 Ransomware on your work device? Follow these steps

Ransomware is a type of malicious software, often shortened to 'malware', which encrypts your data or device and demands a ransom (e.g., for access to be restored).

If this has happened to your device, don’t panic, follow these steps:

  1. Disconnect from the network by immediately removing any data network cable connecting your device to a network, to isolate your workstation, and/or activating 'Aeroplane' mode if you are connected to a wireless network.
  2. Don't shut down your device – keep it turned on for further investigation by IT staff
  3. Capture evidence of any error message or demands (e.g., by taking a photograph or screenshot). Note the time, and actions you took leading up to the incident.
  4. Report it to your local IT support staff as soon as possible. If they are unavailable, contact Information Security (using an uninfected device) at oxcert@infosec.ox.ac.uk or call +44 (0)1865 282 222.

When you speak to IT Support Staff or Information Security, you may be asked about:

  • Which systems and users are affected
  • Whether you have put any mitigations in place (e.g. disconnecting from networks)
  • The kind of data (personal/sensitive) that is at risk

Expand All

When a security incident takes place, there are specific steps to take when working with OxCERT.

This process is used for reporting significant security events, such as the following:

  • Unauthorised access or data breaches
  • Disclosure of access credentials
  • Acceptable use policy breaches
  • Malware or intrusions involving systems that process or store sensitive information
  • Intrusions that involve more than one system (lateral movement)
  • Incidents that represent a significant risk to a department or the campus
  • Advanced malware such as ransomware, remote access trojans (RAT), information stealers, etc.
  • Physical data compromise or loss, e.g. theft or loss of computer equipment including storage devices

If you are a member of the University's IT Support Staff (ITSS), or a senior college/departmental officer or administrator, working with OxCERT will help you to:

  • Manage security incidents at the University of Oxford
  • Combat rising security and accountability risks
  • Reduce associated costs

If you are not a system administrator and suspect a violation of your computer's security has occurred, please contact your department or college IT support staff immediately. In case you're unable to contact them, please contact OxCERT directly.

For confidential email correspondence, please use GnuPG encrypting to OxCERT's current public key:

ID: 0x5F8868AF
Fingerprint: A8E1 FD4B 9770 C77A 75F0  5273 CE28 F2F2 5F88 68AF

Please do not send us messages protected via proprietary digital rights management or encryption systems, such as Outlook's protected messages – OxCERT are unable to work with such systems.

If you wish to report a discovered vulnerability, please notify oxcert@infosec.ox.ac.uk so that the OxCERT team can take action.

Please provide the following information, as best as you can:

  • Your contact details, ideally an email address
  • The affected URL/IP address and the type of vulnerability found 
  • Please give enough detail to enable us to reproduce the flaws so that it can be remediated as soon as possible 

Whilst we are grateful for helpful responsible disclosures, the University of Oxford, as a charity, does not operate a formal bug bounty recognition programme. The University may issue a letter of recognition for exceptionally high quality bug reports but only in very rare circumstances.