Report an Incident

Please contact the Information Security team immediately if you experience or are aware of any of the following:

 
Icon of a threatening chat session on a computer screen

Report a Threat to a Person

("Cyberstalking" or "Cyberbullying")

Report if you or someone else has received a threat to your safety.

Follow these steps:

  1. If the incident poses any immediate danger, contact the SDSU University Police Department (UPD) immediately at 619-594-1991 or send an email at [email protected] .
  2. Create a ServiceNow Ticket and click "Report a Problem."
  3. Provide details of dates, times, and content of harassing or abusive emails
  4. Save text, or phone calls, if possible, to be used as evidence.
Icon of an alert box on a computer screen

Report a System Vulnerability

Report if you are aware of a vulnerability in an SDSU system. A vulnerability is a weakness which can be exploited by an attacker. Vulnerabilities can allow attackers to run code, access a system's memory, install malware, and steal, destroy, or modify sensitive data.

Follow these steps:

  1. Create a  ServiceNow Ticket and click "Report a Problem."
  2. Stop using the system.
  3. For SDSU devices, ITSO will review, investigate, and validate your report. Devices joined on Microsoft Security ATP or JAMF, a scan will be be initiated by the Endpoint Security Team, if applicable:
    • Don’t perform any backups.
    • Don’t install patches or updates.
    • Don’t install any antivirus or spyware.
    • Don’t format the drive.
    • Don’t create an image of the drive.
    • Don’t power off the computer.
  4. For non-SDSU devices: Please run a full antivirus scan. You can use free antivirus like Malwarebytes for Windows or Sophos and Avast for macOS.
Icon representing a Website Defacement

Report a Website Defacement

Report if you are aware of an SDSU website that has been defaced. Website defacement is the practice of altering the web pages of a website after its compromise.

Follow these steps:

  1. Create a  ServiceNow Ticket and click "Report a Problem."
  2. Take the website offline.
  3. Don’t perform any updates or restart the server housing the website.
Icon showing exposure of sensitive data

Report Data Exposure

Report if you see sensitive SDSU data on an unsecured server or posted publicly, or you believe you may have used an unsecure system to collect or transmit sensitive SDSU data.

Follow these steps:

  1. Create a  ServiceNow Ticket and click "Report a Problem."
  2. If your SDSU account is compromised, please reset your password immediately.
  3. Please report the type of sensitive data that was exposed. Learn more about storing sensitive data and sensitive data categories.
Icon showing tracking of lost devices

Report a Lost & Stolen Electronic Device

Report if you have lost an SDSU-assigned or non-SDSU assigned device.

Follow these steps:

  1. Create a ServiceNow Ticket and complete the “Report Lost & Stolen Devices” Form.
  2. Report to UPD - Call 619-594-1991 or email [email protected] and make note of the UPD case number assigned to your case. Please provide it to ITSO.
  3. If you have lost an SDSU-assigned device, please also contact your manager if you are an employee or Help Desk if you are a student.
Icon of email phishing symbol, a fish hook through an envelope

Report Phishing Messages

Be suspicious of all requests. Ask, "Is this real?"

When ITSO receives a suspected phishing email, we investigate to determine the risk. If it is a phishing attack, we may take any of the following steps:

  • Breaking dangerous links so they don't connect to unsafe webpages.
  • Blocking malicious files from being delivered to inboxes in the future.
  • Escalating the report to our security operations team to investigate compromised systems or accounts.
  • Campus-wide alert to SDSU users on Twitter @SDSUITSO.

Follow these steps:

  1. Forward your phishing emails to [email protected].
  2. Do not attempt to open any links, do not download any attachments and do not reply to the message.
  3. If your SDSU account is compromised, please reset your password immediately.
  4. After reporting to [email protected], If you are using the Gmail interface, you can report phishing directly to Google:
  5. Sign in to Gmail.
  6. Open the message you'd like to report.
  7. Click the triple-dot icon next to Reply, at the top-right of the message pane.
  8. Select “Report Phishing”
  9. Delete emails and messages that ask you to confirm or provide personal information.

For more tips on preserving your digital health, please visit our Information Security Guides and Policies and Practices.

Icon of copyright symbol with a line through it

Report a DMCA Violation

San Diego State University (SDSU) fully complies with all provisions of the Digital Millennium Copyright Act (DMCA).

If you would like to report a copyright infringement incident on any site on the sdsu.edu network, please contact the agent designated to respond to reports alleging copyright infringement and report to [email protected] .

The DMCA specifies that all copyright infringement claims must be in writing (either electronic mail or paper letter). All claims will be investigated and handled according to SDSU policy and the law. You can also mail a paper letter to:

IT Security Office
MC-1604
5500 Campanile Dr. San Diego, CA 92182-1604

Icon of a customer service person wearing a headset

Report a Non-Urgent Information Security Question

If you have a non-urgent security question or concern.

Follow these steps:

Get Help

To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”. Connect with us at [email protected] for security-related-questions, consulting, and incident reporting.

IT Security Office
Administration Building
[email protected]

Report an Incident

Please contact the Information Security team immediately if you experience or are aware of any of the following: