Reporting a Suspected Security Incident

An information security incident is defined as any real, suspected, or potential event that compromises, threatens to compromise, or violates Dartmouth College's information security policies, practices, or acceptable use guidelines. Such incidents disrupt the confidentiality, integrity, or availability of data and information systems that support the operations and mission of the College. 

Please note that any security incidents where health and/or safety is at risk should be reported to the Department of Safety and Security (DoSS):

All other security incidents should be reported to Information Security. To report a suspected security incident to the Information Security team, you can submit a short form or send an email to Information.Security@dartmouth.edu. If you are sending an e-mail, make sure to include as much of the below information as possible:

Type of Incident 

  • Note all types that apply:
  1. System Compromise - Unauthorized access to Dartmouth's computing systems, indicating a breach of security controls.
  2. Credential Compromise - Unauthorized acquisition or use of Dartmouth's user credentials, threatening system and data security.
  3. Network Attacks - Activities like scanning, sniffing, or denial-of-service attacks aimed at disrupting or surveilling Dartmouth's network operations.
  4. Malicious Software - Installation of software designed to harm or exploit Dartmouth's systems, including ransomware, viruses, worms, and trojans.
  5. Equipment Theft or Loss - Physical loss or theft of devices that store or can access Dartmouth's sensitive information.
  6. Unauthorized Physical Entry - Physical breaches into Dartmouth's facilities that house critical information systems or data.
  7. Social Engineering Attacks - Manipulative tactics (e.g. phishing) targeting Dartmouth's community to unlawfully gain information or access.
    *Note: This should only be reported as an incident if you believe someone has fallen victim to a social engineering attack, e.g. by clicking on a harmful link or attachment, or by responding to a phishing email and/or providing personal information to an attacker. If you simply receive a phishing email, please forward it to phishing@dartmouth.edu.
  8. Policy Violations - Actions that contravene Dartmouth's established information security policies, risking the integrity and security of its systems and data.
  9. Third-Party Security Incident - Security compromises affecting cloud-based services utilized by Dartmouth or networks of business partners that could impact the College’s data security.

Incident Timeline

  • Dates/times (including time zones) for the incident occurrence (if known), discovery, initial report, and closure

Who reported?

  • Contact Information for the Incident Reporter:
    • Full name and NetID
    • Organizational unit/department
    • Email address
    • Phone number
  • If an automated system reported the event:
    • Name of software package
    • Name of the host where the software is installed
    • Network address
    • Physical location
  • If a third party reported the event:
    • Through email - Include full email notice
    • Via phone call - Name, organization, phone number and email address of caller

Detailed description of the event

  • Include as much information as possible:
    • Description of the incident (how it was detected, what occurred)
    • Description of the affected resources
    • Description of the affected organizations
    • Estimated technical impact of the incident (i.e. data deleted, system crashed, application unavailable)
    • Summary of response actions performed so far
    • Other organizations contacted
Print Article

Related Services / Offerings (1)

Report a Security Incident
This service outlines steps to be taken when reporting an incident to Information Security.