Report a Security Incident

Security Virus hack Duo Incident phishing MFA Malware hacking data-breach social-engineering spear-phishing lost stolen

Spot a security incident? Report it immediately.
All security incidents are handled through the Technology Help Desk ticketing system.

Submit a Ticket Now →

What to Report

Report any of the following incidents by submitting a Help Desk ticket or calling 412-624-HELP (4357) immediately:

✉ Phishing & Social Engineering Suspicious emails, texts, or calls seeking credentials or device access	☢ Malware, Virus, or Ransomware Malicious software on a University or personally-owned device used for University work
👤 Compromised Account Unauthorized access to your Pitt Passport or other University-connected account	💾 Unauthorized Data Disclosure Exposure of sensitive University or personal data to unauthorized parties
💻 Lost or Stolen Device Missing laptop, phone, or storage device that contains University data or system access	🛡 Other Security Concerns Network intrusion attempts, unauthorized system access, or suspicious activity

Not sure if something is a real incident? Report it anyway. It is far better to report a false alarm than to miss a genuine threat. Pitt Digital will investigate and advise you on next steps.

How to Report

All security incidents should be reported through the Technology Help Desk. Choose the method that is fastest and most accessible to you.

1. Submit a Help Desk ticket (preferred)
Use the TDX Security Incident Request form to submit a detailed report any time, 24/7. Include as much detail as possible — see the incident-specific guidance below.

2. Call the Technology Help Desk
For urgent situations, call 412-624-HELP (4357) immediately. The Help Desk is available 24/7 and can escalate your incident to the appropriate security team.

3. Report phishing emails using the KnowBe4 Phish Alert Button (PAB)
For suspicious emails you have not clicked or responded to, the preferred method is the KnowBe4 Phish Alert Button (PAB) — available in Outlook on desktop and mobile. One click reports the email directly to Pitt Digital's security team, automatically removes it from your inbox, and preserves the full message metadata needed for investigation.

Phish Alert Button (PAB) — Preferred Method. Look for the Phish Alert button in your Outlook ribbon or toolbar.
› Reporting Phishing Emails Using KnowBe4's Hybrid Phish Alert Button
› Phishing Emails: Don't Take the “Bait”

For phishing emails you have already clicked or responded to, submit a Help Desk ticket or call 412-624-HELP (4357) in addition to using the PAB.

Reporting by Incident Type

Select the section that best matches your situation for guidance on what information to include and what actions to take immediately.

✉ Phishing & Social Engineering — Suspicious emails, texts, unsolicited Duo requests, or phone scams

⚠ Received an unexpected Duo push notification? Do not approve it — it means someone else has your password. Decline the request, then change your Pitt Passport password immediately and submit a ticket.

What information to include in your report:

The sender's email address and the message subject line
The date and time you received the message
Whether you clicked any links or opened any attachments
Whether you entered your credentials or provided any personal information
Whether you approved a Duo MFA request you did not initiate
Whether the message appeared to come from a Pitt faculty, staff, or administrative account
Any phone numbers, URLs, or callback addresses present in the message

Immediate actions:

Do not click links, open attachments, or reply if you have not done so already.
If you clicked a link or entered credentials, change your Pitt Passport password immediately via my.pitt.edu.
Use the Outlook Report button or KnowBe4 PAB and submit a Help Desk ticket.
If impersonating a Pitt employee, consider notifying that individual so they are aware their identity is being used.

☢ Malware, Virus, or Ransomware — Malicious software, unexpected system behavior, or ransomware encryption notices

⚠ Do not attempt to remove the malware yourself. Amateur removal attempts can destroy forensic evidence and may not fully eliminate the threat. Isolate the device first, then contact the Help Desk.

✓ Do

Disconnect from Wi-Fi and unplug any network cables
Disconnect external drives or USB devices
Leave the device powered on (unless instructed otherwise)
Document what you observed and when

✗ Don't

Attempt to remove or quarantine the malware
Shut down or reboot the device
Continue using the infected device
Pay any ransomware demand without consulting Pitt Digital

What information to include in your report:

Computer name, serial number, and IP address (if known)
Physical location of the computer (building, room, lab)
Date and time the problem was first noticed
Whether the device is University-owned or personally owned
Whether other computers on the same network may be affected
Whether sensitive or restricted data is stored on the device — see Data Risk Classification
Whether the device was used to access any University-managed systems recently

👤 Compromised Account — Unauthorized login to your Pitt Passport, email, or other University-linked account

Immediate actions:

Change your Pitt Passport password immediately at my.pitt.edu.
Check your email for forwarding rules or inbox filters not set by you.
Review your Duo MFA registered devices and remove any you do not recognize.
Change passwords for any other accounts where you used the same password.
Submit a Help Desk ticket describing what happened and when.

What information to include in your report:

Which account(s) you believe were compromised
Date and time you first noticed unauthorized activity
What unauthorized activity you observed (emails sent on your behalf, forwarding rules, logins from unusual locations)
Whether you recently clicked a phishing link or entered credentials on a website
Whether any sensitive data may have been accessible through the compromised account

💾 Unauthorized Data Disclosure — Exposure or potential exposure of sensitive, restricted, or regulated University data

⚠ Data breaches involving restricted or sensitive data have regulatory and legal implications. Report immediately — do not attempt to investigate, remediate, or notify affected parties on your own before speaking with Pitt Digital.

What information to include in your report:

Description of the data involved (type, approximate volume)
The data risk classification level — Restricted, Sensitive, Internal, or Public
How the data was exposed (misconfigured sharing, email to wrong recipient, phishing, etc.)
Date and time of the exposure
Whether regulated data may be involved (FERPA, HIPAA, PCI, Social Security Numbers)
Approximate number of individuals whose data may be affected
Whether any AI or GenAI tools were used to process the data — confirm those tools are approved for that classification level

💻 Lost or Stolen Device — Missing laptop, phone, tablet, USB drive, or other device with University data or access

What information to include in your report:

If stolen, the police report case number after contacting the University Police at 412-624-2121
Device type, make, model, and serial number
Whether the device is University-owned or personally owned
Whether device storage was encrypted (FileVault for Mac, BitLocker for Windows)
University systems or data the device had access to
Date, time, and location where the device was last seen
Whether the device was locked with a PIN or password at time of loss
Whether sensitive or regulated University data was stored locally — see Data Risk Classification

Immediate actions:

If stolen, contact the University Police at 412-624-2121.
Consult with your departmental IT within Pitt Digital to discuss remote wiping capabilities.
Change passwords for any accounts accessible from the device.
Contact University Public Safety or local law enforcement if the device was stolen.
Submit a Help Desk ticket immediately.

🛡 Other Security Concerns — Network intrusion, unauthorized system access, or suspicious activity

What information to include in your report:

What you observed — describe the behavior or anomaly as specifically as possible
Date and time you first noticed the activity
Name, serial number, and IP address of affected system(s), if known
Physical location of the affected system(s)
Whether the situation may involve more than one computer or system
Whether any potentially sensitive information is stored on or accessible from the affected system(s)
Any log files, screenshots, or other evidence you can share

Protect Yourself Against Future Threats

Pitt Digital is monitoring a surge in targeted spear phishing attacks — sophisticated scams that incorporate personal details and often arrive from non-Pitt addresses such as Gmail. Your vigilance is crucial.

1. Only approve Duo requests you initiated An unexpected Duo push means someone else has your password. Decline it immediately and change your Pitt Passport password.	2. Use unique passwords and enable MFA everywhere Create a unique password for Pitt Passport and a different password for every other account. Enable MFA on all accounts that offer it.
3. Spot and report phishing scams Watch for typos, urgency, requests for sensitive data, or asks to reply using personal email. Use the Report button in Outlook or the KnowBe4 PAB.	4. Keep your software updated Enable auto-updates for browsers, apps, and your OS. University-managed Macs receive updates automatically. Windows users should activate Windows Update.
5. Complete annual security training Search for “security training” on myPitt to complete or review training powered by KnowBe4.	6. Only download apps from trusted sources Install apps only from official app stores. For University business, ensure any new application has undergone a vendor security risk assessment.