Search Google Appliance

Information Technology

Respond to Data Security Incidents-Information for Faculty & Staff

Find answers to your technology questions in the new IT Knowledge Base!

For the most up-to-date information, see our new Knowledge Base.
Support articles on the IT website are being retired, and may not be updated.

Find an updated version of this article

Continue to check the IT website ( for news and updates about technology at UMass Amherst.

Any data security incident involving a University-owned devices or personal devices containing sensitive University data should be taken seriously. Responding to data security incidents promptly and efficiently helps protect the University's assets (e.g., data, computers, networks) and ensures compliance with state and federal law and University policy.

Compromised Computing Devices

If your University-owned or personal device containing sensitive University data is exhibiting symptoms of malware (the most common data security incident), or you suspect the computing device has been accessed without authorization (your user name and password have been lost or compromised, you respond to a phishing scam or suspect someone else has attempted to access your device without your permission):

1. Keep Detailed Notes

Depending on the severity of the incident, you may have to provide details about the incident, including how you first responded, to other staff, management, University Legal Counsel, or Internal Audit.

2. STOP using the device.

If you suspect the device is infected with malware, STOP. Keep the system intact as changes can destroy valuable data related to the incident. Do not turn off the device, run anti-virus software, or attempt to back up data.

3. Contact Your Department's IT Administrator or the UMass Amherst IT Help Center.

Contact your Department's IT Administrator as soon as possible. If a Department IT Administrator is unavailable (or your department does not have one), call the IT Help Center at 413-545-9400 (Mon – Fri, 8:30 a.m. - 4:45 p.m.). Do not email UMass Amherst IT or submit a request for Online Help / Live Chat Support from a potentially-compromised device.

When calling the IT Help Center, be prepared to provide information about the nature of the incident (e.g., response to a phishing scam), approximate date and time the incident occurred, your email address, and campus phone number.

Lost or Stolen Computing Devices

If a computing device, which includes departmental laptops, USB drives, cell phones, or other devices that may contain sensitive data, or personal computing devices with sensitive University data, is lost of stolen:

1. Contact the UMass Amherst Police Department.

Report the lost or stolen device at 413-545-2121. UMPD may be able to locate your item(s) faster if you registered them.

2. Contact Procurement.

For University-owned devices, report the incident to the University Procurement Department at 413-545-0361.

3. Fill out the Lost or Stolen University-Owned Computing Device form.

You will be asked to provide information on the nature of the incident (e.g., lost computer), the approximate date and time when the device was lost or stolen (or when it was discovered to be missing), your email address, and campus phone number.

4. Change your passwords.

Be sure to change your IT Account password in SPIRE, and any other password that may have been exposed.

5. (Mobile device only) Contact your mobile device service provider for a remote wipe.

Contact the mobile device service provider and request that the contents of your device be wiped remotely.