Report a security incident


What is an information security incident?

An information security incident is any real or suspected adverse event in which there is an attempt to harm, or actual harm caused to computer systems or networks.

Examples include:

  • Attempts (either failed or successful) to gain unauthorised access to a system or its data.
  • Unauthorised exposure of private personal information (which may lead to identity theft or misrepresentation).
  • Unwanted disruption or denial of service.
  • Information technology equipment theft or loss.
  • Unauthorised use of a system for the processing or storage of data.
  • Changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent.

How do I report an information security incident?

Any real or suspected information security incident should immediately be reported to the Staff Service Centre.

Staff Service Centre
Phone: +64 9 373 7599 ext 86000
Email: staffservice@auckland.ac.nz

For urgent issues that occur outside the Staff Service Centre operating hours (7:30am to 6:00pm Monday to Friday), you can additionally conact:

IT Operations
Email: operators@auckland.ac.nz

If the incident concerns a desktop, laptop or server, do not turn off the machine. Leave it running, and contact the IT service desk immediately. Taking further action on the machine concerned will compromise the ITS security team's ability to obtain the evidence they need to investigate the incident properly. If the incident takes place outside office hours, then disconnect the machine from the network by removing the network cable or turning off wireless networking. Leave the machine running until a member of the ITS Security team is able to collect the machine to examine it. Ensure that the machine is plugged into the power supply.

When you report the incident, please provide the following information:

  • Your name
  • Your location
  • Email address
  • Telephone number
  • Description of the IT security problem
  • Date and time the problem was first noticed (if possible)
  • Any other known resources affected
  • Asset tag of the machine affected (if known)

For further information, refer to the Cyber Security Incident Response Standard