Handling a Data Breach Procedure

Procedures

Immediately contact the following:

Supervisor and Department Head
Merchant Services: 392-9057
UFIT Security: Complete a “Digital Forensics Examinations” Form on the UFIT Service Catalog (Service Portfolio: Security, Service Group: Security Incident Response and Investigation)
UF Privacy Office

Email: privacy@ufl.edu
Phone: (352) 294-8720
Fax: (352) 627-9052
Mailing Address:
PO Box 103175
Gainesville, FL 32610-3175
Physical Address:
3007 SW Williston Road
Gainesville, FL 32608

The Response Team will immediately coordinate a response and reply to this initial notification/communication to confirm they are aware of the incident. Assist the Response Team as they investigate the incident by doing the following:

Do not turn the compromised systems(s) off. Instead, isolate the system(s) from the network by unplugging the communications cord (phone or Internet) from the machine. If the cable is secured and you do not have the key to the network jack, cut the network cable
Do not access or alter compromised system(s) – this means do not log on at all to the compromised system(s) including changing passwords or logging in as ROOT
VISA highly recommends that the compromised system(s) not be used at all to avoid losing critical volatile data
Preserve all evidence and logs, such as original evidence (sales receipts, computer screen shots, etc.), security events, web, database, firewall, etc.
Document all actions taken, including dates and individuals involved
If using a wireless network, change the Service Set Identifier(SSID) on the wireless access point (WAP) and other systems that may be using this connection (except any system(s) believed to be compromised)
Block suspicious Internet Protocols (IPs) from inbound and outbound traffic