Report an incident

Working with OxCERT

When a security incident takes place, there are specific steps to take when working with OxCERT – the University's Computer Emergency Response Team. This process is used for reporting significant security events, such as the following:

  • Unauthorised access or data breaches
  • Disclosure of access credentials
  • Acceptable use policy breaches
  • Malware or intrusions involving systems that process or store senstive information
  • Intrusions that involve more than one system (lateral movement)
  • Incidents that represent a significant risk to a department or the campus
  • Advanced malware such as ransomware, remote access trojans (RAT), info stealers, etc
  • Phyiscal data compromise or loss, e.g. theft or loss of computer equipment including storage devices.

If you are IT Support Staff or a senior college/departmental officer or administrator, working with OxCERT will

  • Manage security incidents at the University of Oxford
  • Combat rising security and accountability risks
  • Reduce associated costs

If you are not a system administrator and suspect a violation of your computer's security has occurred, contact your department's or college's IT support staff immediately. In case you are unable to contact your local support team, please do not hesitate to contact OxCERT directly.

Reporting an Incident to OxCERT

Security Incidents

Please contact OxCERT via email on oxcert@infosec.ox.ac.uk for urgent inquiries contact the team at +44 1865 282 222 or phone extension 82 222.

When reporting the incident provide as much detail as possible including:

  • Affected system and users (hostname, IP address, user names and account types)
  • Date the incident occured
  • Symptoms
  • Impact
  • Has the incident been handled or do you need support?
  • Are there any mitigations in place?
  • Is personal or sensitive personal data at risk?

Suspect Phishing Messages

If you wish to report a phishing or other malicious email, please forward the message including full email headers as an attachment to phishing@infosec.ox.ac.uk. Please note that the suspect phishing reporting service cannot respond to reports of spam messages or other forms of unsolocited email.

Contact OxCERT

Please read the guidance on this page how to best report an incident prior contacting us.

Email: oxcert@it.ox.ac.uk

Phone: +44 1865 282 222
Extension: 8 2222

For confidential email correspondence please use GnuPG encrypting to OxCERT's current public key
ID: 0x5F8868AF
Fingerprint: A8E1 FD4B 9770 C77A 75F0  5273 CE28 F2F2 5F88 68AF

List of site pages