The University Information Policy Office (UIPO) responds to and investigates incidents related to misuse or abuse of Indiana University information and information technology resources, regardless of the campus or unit involved. This includes computer and network security breaches and unauthorized disclosure or modification of institutional or personal information. For more information on information security incident management at IU, see: Information Security Incident Management.
Reporting incidents involving sensitive data
In the event of an incident concerning the possible exposure or loss of sensitive institutional or personal data, you must report the incident to the UIPO as soon as the incident is suspected. For more information on reporting these incidents, see:
Reporting inadequate protection of sensitive data
If you identify a weakness in the protection of sensitive institutional or personal data, immediately contact the UIPO, who will help coordinate the investigation and involve the appropriate IU units to help assess and react to the potential threat. Report the incident in one of two ways:
- Use our online incident reporting form (authentication required).
- Send an email to it-incident@iu.edu outlining the incident details.
Reporting other types of incidents
For incidents involving threats to personal safety or physical property, or illegal activities, immediately contact your campus police department. For non-emergency reports of information and information technology security or abuse incidents, send email to it-incident@iu.edu. If you are reporting an incident related to an email message you received (i.e. spam or phishing), see:
Anonymous reporting hotline
In some cases, it may be desirable or prudent to report an incident anonymously. Indiana University Internal Audit has made arrangements with a third party to provide an anonymous reporting hotline. For more information about the hotline, see:
