Security Incident Reporting

What is an information security incident?

An information security incident can be defined as any violation, or imminent threat of violation, of computer systems or other information technology resources or data that pose a threat to the whole or part of the Emory enterprise. Examples include but are not limited to:

  • Data loss, theft, or misuse
  • Unauthorized changes to hardware, software, firmware, or data
  • Unauthorized changes, exposure, or deletion of information assets
  • Activities that violate Emory’s Information Technology Conditions of Use policy
  • Degradation of services due to intentional action 

Examples can include, but are not limited to:

  • Lost or stolen devices (phones, tablets, computers, etc.)
  • Presence of malware (viruses, spyware) or other unauthorized/unexpected programs
  • Intentional or unintentional posting of restricted or confidential data in a publicly accessible place
  • Inadvertent disclosure of restricted data to a third party

Reporting Security Incidents

If you feel that you have a security incident to report, please use the contact information below, contact your local support representative, or contact the University (404-727-7777) or Healthcare (404-778-4357) service desks.

Reporting Stolen Devices

See the following knowledge article: KB06396

Reporting Spam and Phishing

If you believe you have received a spam or phishing message, you may report it to both and It is best to send these messages as attachments, rather than just forwarding them. In most mail clients you can do this by composing a new message, and dragging the message that you want to attach into the body of the new message. 

Contact OIT Security

Email: security[@]emory[.]edu