Report a Security Incident

If you received a suspicious email, approved a Duo push you did not initiate, or may have entered your Pitt password on a fake website, act immediately. Every minute matters.

1. 1Do not approve any pending Duo push. A push you did not initiate means someone else has your password. Deny it and do not approve under any circumstances.
2. 2Change your Pitt password immediately from a trusted device at my.pitt.edu.
3. 3Use the KnowBe4 Phish Alert Button (PAB) or the Report button in Outlook to report the suspicious email.
4. 4Submit a ticket to Pitt Digital so our team can review for signs of account compromise and session hijacking.
5. 5Change passwords on any other accounts where you reused the same password.

Remember: Pitt Digital will never ask for your password via email or phone. Legitimate Duo prompts only appear when you are actively logging in yourself.

If someone has gained unauthorized access to your Pitt account, email, or OneDrive, act immediately to limit what the attacker can access.

1. 1Change your Pitt password immediately at my.pitt.edu from a device you trust.
2. 2Submit a ticket to Pitt Digital immediately. Our team will review sign-in logs and revoke active sessions.
3. 3Review your Outlook inbox rules and email forwarding settings for unauthorized changes.
4. 4Check your Duo-enrolled devices at passport.pitt.edu and remove any devices you do not recognize.
5. 5Change passwords on any other accounts where you used the same password.

If your account is disabled as part of a security response, call the Pitt Digital 24/7 Help Desk at 412-624-HELP (4357) to recover access from a clean device.

If your computer is showing ransom messages, behaving strangely, or you suspect a malware infection, isolate the device before doing anything else.

1. 1Do not power off the machine. Shutting it down can destroy forensic evidence and, with some ransomware, trigger further encryption.
2. 2Disconnect from the network by unplugging the network cable or disabling Wi-Fi. Do not disconnect USB drives yet.
3. 3Submit a ticket and call 412-624-HELP immediately. Describe the symptoms and the device name or computer name.
4. 4Do not attempt to remove the malware yourself or delete suspicious files. Leave the device as-is for forensic analysis.
5. 5From a separate, clean device, change your Pitt password and any other passwords you used on the infected machine.

Do not attempt self-remediation. Deleting files, running removal tools, or reinstalling the OS before our team can examine the device may destroy evidence needed for a thorough investigation.

If a laptop, phone, tablet, or USB drive containing University data is lost or stolen, report it regardless of whether you think the device was encrypted. If the device was stolen, report to Pitt Police before contacting the Help Desk.

1. 1If the device was stolen, report it to Pitt Police first. Call 412-624-2121. You can also report in person at the Jerome Cochran Public Safety Building, 3412 Forbes Avenue. See all reporting options. If the device was simply lost (not stolen), skip to step 2.
2. 2Submit a ticket to Pitt Digital. If you filed a police report, include the case number and the name of the officer assigned to the case in your ticket. This information is required for Pitt Digital to coordinate with Pitt Police on the response.
3. 3From a separate, trusted device, change your Pitt password and revoke any active sessions at my.pitt.edu.
4. 4Note what University data was on the device so Pitt Digital can assess the potential exposure. Consult the Data Risk Classification Standard if you are unsure what counts as sensitive data.

Pitt Police — 412-624-2121  |  police@pitt.edu  |  Report a Crime

If you believe Restricted or Private University data may have been accessed or disclosed without authorization, report it immediately. This includes Social Security numbers, protected health information, student records, financial data, and controlled research data.

1. 1Report immediately by submitting a ticket and calling 412-624-HELP. Do not wait to investigate on your own.
2. 2Document what data was potentially exposed, approximately how many records, and how the exposure may have occurred.
3. 3Do not notify affected individuals or issue any public statements before coordinating with Pitt Digital and the Office of General Counsel. Premature notification can complicate the regulatory response.
4. 4Preserve all logs, emails, and system information. Do not delete anything related to the incident.
5. 5If AI or GenAI tools were involved, note which tool and confirm whether it is approved for the data classification level of the exposed data.

Regulatory obligations may apply. Breaches involving health information (HIPAA), student records (FERPA), or financial data may require mandatory notification. Pitt Digital will coordinate the legal and regulatory response.

If something unusual caught your attention but you are not sure whether it rises to the level of a security incident, submit a ticket and let our team evaluate it. Common examples include unfamiliar programs installed on your device, unexpected password-reset emails you did not request, unusual account activity you cannot explain, or someone accessing your shared drive without an obvious reason.

1. 1Do not delete, uninstall, or modify the suspicious item before reporting. Our team needs to examine it as you found it.
2. 2Submit a ticket describing what you observed, when you noticed it, and on which device or account.
3. 3If the concern involves unauthorized software on a University-managed device, also notify your departmental IT.

When in doubt, report it. It is far better to report a false alarm than to miss a genuine threat. Pitt Digital will investigate and advise you on next steps.