Handling a Data Breach

Directive Statement

In the event of a breach or suspected breach of security – including the suspicion that credit or debit card information has been exposed, stolen, or misused – the merchant or UF department must immediately contact Merchant Services (392-9057) and the UF Privacy Office Hotline (1-866-876-4472).  The department must immediately contain and limit the data exposure and minimize data loss by ceasing use of any suspect machine.

Reason for Directive

Security breaches can result in serious consequences for the University including damage to the institution’s reputation, added compliance costs, the assessment of substantial fines, the loss of credit card acceptance privileges and possible legal liabilities.

Who Must Comply?

All University departments whose personnel store, process or transmit cardholder information. This also applies to units that outsource the processing of payment card information to third party vendors.

Procedures

Immediately contact the following:

  1. Supervisor and Department Head
  2. Merchant Services: 392-9057
  3. UFIT Security: Complete a “Digital Forensics Examinations” Form on the UFIT Service Catalog (Service Portfolio: Security, Service Group: Security Incident Response and Investigation)
  4. UF Privacy Office

Email: privacy@ufl.edu
Phone: (352) 294-8720
Fax: (352) 627-9052
Mailing Address:
PO Box 103175
Gainesville, FL 32610-3175
Physical Address:
3007 SW Williston Road
Gainesville, FL 32608

The Response Team will immediately coordinate a response and reply to this initial notification/communication to confirm they are aware of the incident.  Assist the Response Team as they investigate the incident by doing the following:

  1. Do not turn the compromised systems(s) off. Instead, isolate the system(s) from the network by unplugging the communications cord (phone or Internet) from the machine.  If the cable is secured and you do not have the key to the network jack, cut the network cable
  2. Do not access or alter compromised system(s) – this means do not log on at all to the compromised system(s) including changing passwords or logging in as ROOT
  3. VISA highly recommends that the compromised system(s) not be used at all to avoid losing critical volatile data
  4. Preserve all evidence and logs, such as original evidence (sales receipts, computer screen shots, etc.), security events, web, database, firewall, etc.
  5. Document all actions taken, including dates and individuals involved
  6. If using a wireless network, change the Service Set Identifier(SSID) on the wireless access point (WAP) and other systems that may be using this connection (except any system(s) believed to be compromised)
  7. Block suspicious Internet Protocols (IPs) from inbound and outbound traffic

Resources

Internal Controls Checklist

UF Credit Card Merchant Policy

VISA Risk Management

VISA “If Compromised”

PCI Security Standards Council

UFIT Security Incident Response Procedures

Training

TRM125 – Payment Card Security Awareness Training

Contacts

Banking & Merchant Services: (352) 392-9057

Treasury-creditcards@ad.ufl.edu

UF Privacy Office: (352) 294-8720

Still have a question?

View our FAQs

Page Contents