Information Security Incident Reporting
Report an Incident
Learn how to report an incident if you experience or are aware of any of the following:
- I've received an electronic threat to my safety or someone else's safety
- I've been identified and targeted for online abuse, harassment, and intimidation
- I've found a technology vulnerability or coding bug in a Harvard system
- I've found or placed sensitive, unsecured Harvard data where it shouldn't be
- I've lost possession of an electronic device that contains Harvard data
- I've received a suspicious email that might be phishing
- I believe someone has stolen my account or password
How to Report an IT Security Incident
Report Online Abuse, Harassment, and Intimidation
Members of the Harvard community can become targets for online harassment, in the form of "trolling," "doxxing," "cyberbullying," and more. These situations can be very intense, alarming, and disruptive to an individual. Harvard provides this document as a resource for community members who have been identified and targeted for online abuse, harassment, and intimidation.
Report a System Vulnerability
If you are aware of a vulnerability in a Harvard system, please follow these instructions, Harvard University Responsible Vulnerability Reporting.
Data Exposure
If you see sensitive Harvard data on an unsecured server or posted publicly, or you believe you may have used an unsecure system to collect or transmit sensitive Harvard data.
Open an IT Ticket: Submit a Ticket Online or call 617 495-7777
Phishing Message
Forward phishing emails to: phishing@harvard.edu.
When we receive a suspected phishing email, we check it out to determine the risk. If it is a phishing attack, we may take any of the following steps:
- Breaking dangerous links so they don't connect to unsafe webpages
- Blocking malicious files from being delivered to to inboxes in the future
- Escalating the report to our security operations team to investigate compromised systems or accounts