Any event that, regardless of accidental or malicious cause, results in:
- disclosure of University data to someone unauthorized to access it,
- unauthorized alteration of University data,
- loss of data which the University is legally or contractually bound to protect or which support critical University functions,
- disrupted information technology service,
- a violation of the University’s information security policies.
Examples of such incidents include, but are not limited to:
- Malicious software installations on electronic devices that store University data not routinely made available to the general public, e.g., employee evaluations, or data the University is legally or contractually bound to protect, e.g., social security numbers, credit card numbers, Protected Health Information (PHI), research data, etc.
- Loss or theft of electronic devices, electronic media, or paper records that contain University data not routinely made available to the general public or data the University is legally or contractually bound to protect.
- Defacement of a University website.
- Unauthorized use of a computing account.
- Use of information technology resources for unethical or unlawful purposes (incidents involving employees and pornography should be reported directly to University Human Resources).
- Contact from the FBI, Secret Service, Department of Homeland Security or other law enforcement organizations regarding a University electronic device that may have been used to commit a crime.