Reporting Process

Incidents that occur involving credit card machines or those closely related require additional steps. For computer/network-based intrusions, disable the network connection (do not unplug the power cord) and contact Security Operations and Services (SOS). During SOS normal work hours, SOS can be reached at 814-863-9533 or after-hours 814-777-9533. An email may also be sent to security@psu.edu but direct telephone contact should be made.

For non-computer/network-based events please contact the Privacy Office at 814-863-3049 during normal business hours or email privacy@psu.edu.

For theft contact your local Police Services unit first and then one of the two above.

Pay attention to this section when you receive a notification from Security Operations and Services (SOS): If the IP address handles sensitive information (such as credit card or other personal or institutional financial information, personally identifiable health information, SSN or PSUID, Driver's License number, transcript data, tenure review information), DO NOT take any action beyond filtering at the firewall or unplugging the system(s) from the network until you contact Security. Call or write to Security Operations and Services immediately for further instructions (814-863-9533; security@psu.edu).

The PCI DSS steps and requirements for compromised entities.

• Immediately contain and limit the exposure.
  • Unplug the machine from the network.
• Alert all necessary parties immediately. Contact SOS 814.863.9533 or after-hours 814.777.9533.
• IPAS will work with you for the rest of the steps, including:
  • Providing a list of all compromised accounts to the respective merchant bank within 10 business days and,
  • Preparing an Incident Response Report that must be submitted to the merchant bank within 3 business days.

Click here to view the Visa What to do if Compromised document.