IT Security Support
Electronic Data Breaches
If the incident involves paper data, see Paper Data Breach Reporting. Failure by MIT to report any data incident involving regulated data in a timely manner may be a violation of state or federal law. If in doubt, report the incident first.
Basic Process for Reporting Data Incidents
If an IT security incident has occurred involving electronic MIT business data of any kind, take the following steps:
- ISOLATE the computer(s) involved from the campus network. To preserve useful evidence of the incident, DO NOT POWER OFF the computer(s) or device(s) if at all possible. Disconnect the computer(s) from the network by unplugging their network cables, if they are connected, and disabling or turning off any wireless connections.
- NOTIFY the MIT Data Incident Response Team as soon as possible by sending e-mail (if possible) to infoprotect@mit.edu.
- CONTACT your local or designated IT support professional, whoever is responsible for the computer(s) and device(s) involved. This individual, or their designee, is responsible for initial response. Failure by MIT to report the incident in a timely manner may be a violation of state or federal law. If in doubt, report the incident.
- PROVIDE the Incident Report data as outlined below to infoprotect@mit.edu.
Incident Report: Basics
- Incident data: date and time of incident (or the discovery of the incident)
- Nature of incident: confirmed/suspected break-in by unauthorized parties, lost or stolen computer(s) or device(s)
- Your contact info: email address, office, phone (MIT, cell and other)
- IT Support Professional contact info (if not same as above): email address, office, phone (IT, cell and other)
Incident Report: Computers & Device Details
Provide whatever you know...
Computer(s) info:
- hostnames (e.g., xxx.mit.edu)
- IP addresses (e.g., 18.100.150.200)
- MAC addresses (unique, internal network interface card IDs)
- physical location
- type of backup used (TSM, other, none)
Removable device(s) info: name, type and size of the device(s)
Mobile device(s) info: make and model of device(s)
Incident Report: Data Details
Provide whatever is known, or suspected...
Describe any possible data that might be at risk as a result of the incident, including any old files that were stored on the computer:
- SSN or other personally identifying information
- Credit card numbers or other financial information
- Current or past student information
- Medical or other protected health information
- Any MIT confidential or non-public information. Examples of Regulated, Confidential and Public information are listed here


