Information Security


Report an Incident

If you become aware of a security-related issue where information could be accessed inappropriately, e.g. a lost memory stick / an intruder found in a UCL office where confidential information is held / an online hoax affecting UCL, please report it.


As well as information security incidents, we also encourage the reporting of information security weaknesses or near misses. Be assured that we are more concerned about limiting damage and fixing problems than we are about punishing people, if you are concerned about reporting an incident please contact us to discuss it.

Personal Data Breach

If an incident involves personal data then it must be reported immediately to us (the UCL Information Security Group):

Fill in the Personal Data Breach Form then email it to us:

  • Email: isg@ucl.ac.uk 
  • Telephone: (0)20 7679 7338 (internal 37338)

Information Security Incident

If the incident does not relate to a personal data breach, our security incident reporting form gives you an idea of the sort of information we find useful, although we are happy to accept reports in any form. 

Security Incident Reporting Form

FileSecurity Incident Reporting Form

When an incident has occurred you may also need to report it to Physical Security and the UCL Data Protection Office, see the following links for their details:

Reporting Emails of Concern

Please forward emails to: phish@ucl.ac.uk

It is important that we have as much information about the email as possible, in particular the header data. Find out how to find and copy the header information.