Security Incidents
Please contact OxCERT via email on oxcert@infosec.ox.ac.uk for urgent inquiries contact the team at +44 1865 282 222 or phone extension 82 222.
For confidential email correspondence please use GnuPG encrypting to OxCERT's current public key
ID: 0x5F8868AF
Fingerprint: A8E1 FD4B 9770 C77A 75F0 5273 CE28 F2F2 5F88 68AF
Please do not send us messages protected via proprietary digital rights management or encryption systems like Outlook's protected messages – OxCERT won't be able to work with such systems.
When reporting the incident provide as much detail as possible including:
- Affected system and users (hostname, IP address, user names and account types)
- Date the incident occurred
- Symptoms
- Impact
- Has the incident been handled or do you need support?
- Are there any mitigations in place?
- Is personal or sensitive personal data at risk?
Suspect Phishing Messages
If you wish to report a phishing or other malicious email, please forward the message including full email headers as an attachment to phishing@infosec.ox.ac.uk. Please note that the suspect phishing reporting service cannot respond to reports of spam messages or other forms of unsolicited email.
Responsible Disclosure
If you wish to report a discovered vulnerability please notify oxcert@infosec.ox.ac.uk so that we can take action. Please provide the following information:
- Your contact details, ideally an email address.
- The affected URL/IP address and the type of vulnerability found.
- Please give enough detail to enable us to reproduce the flaws so that it can be remediated as soon as possible.
Whilst we are grateful for helpful responsible disclosures, the University of Oxford as a charity does not operate a formal bug bounty recognition programme. The University of Oxford issues only in very rare circumstances a letter of recognition for exceptionally high quality bug reports
