Report an Incident

If you become aware of a security-related issue where information could be accessed inappropriately, e.g. a lost memory stick / an intruder found in a UCL office where confidential information is held / an online hoax affecting UCL, please report it.

As well as information security incidents, we also encourage the reporting of information security weaknesses or near misses. Be assured that we are more concerned about limiting damage and fixing problems than we are about punishing people, if you are concerned about reporting an incident please contact us to discuss it.

Personal Data Breach

If an incident involves personal data then it must be reported immediately:

https://www.ucl.ac.uk/data-protection/guidance-staff-students-and-researchers/practical-data-protection-guidance-notices/report-breach

Information Security Incident

If the incident does not relate to a personal data breach, please contact ISG:

•  isg@ucl.ac.uk

•  0207 679 7338 (internal 37338)

When an incident has occurred you may also need to report it to Physical Security and the UCL Data Protection Office, see the following links for their details:

• Physical Security
• UCL Data Protection Office

Reporting Emails of Concern

Please forward emails to: phish@ucl.ac.uk

It is important that we have as much information about the email as possible, in particular the header data. Find out how to find and copy the header information.