Skip to main content

Report an Incident

Report suspicious cyber activity to the Information Security Office, right away!

Reporting an Incident Icon: Exclamation mark in three concentric triangles

Please contact the Information Security Office (ISO) right away for any of the following:

Report a lost or stolen device

Report a suspicious email

Report other suspicious cyber activity to the ISO

Ask a non-urgent question

For urgent matters, call 203-627-4665

This is our 24x7 number. Call us immediately for events impacting the confidentiality, integrity, or availability of Yale University. This includes, but is not limited to:

  • I believe High Risk or regulatory (e.g. HIPAA, SSNs) data has been lost, stolen, or placed where it shouldn’t be.
  • I believe someone has stolen my account or password.
  • I received a pop-up message demanding urgent action is taken (e.g., ransomware, malware).
  • I received unexpected messages from a colleague asking for money or other financial information.
  • I’ve found a technology vulnerability or coding bug in a Yale IT System.

If you are unsure if this is a cybersecurity issue, contact the ITS Helpdesk 203-432-9000 or your local support provider.

See below for more information on our “Bee SAFE, Not Sorry” model for reporting suspicious cyber activity.


Reporting Bee Logo: Bee Cyber Fit bee holding bullhorn imprinted with the Report an Incident icon

Recognizing, reporting, and responding to cybersecurity incidents 

How do you know when to report something? What steps should you take? What do you do once you’ve reported the concern? We sum this up with our “Bee SAFE, Not Sorry” model, where SAFE stands for:


S  –  See something suspicious

–  Act quickly

F  –  Follow instructions 

E  –  Exercise discretion


As the individual reporting an incident, the “Bee SAFE, Not Sorry” model is all you need to know.

Letter "S"

"S"  -  See something suspicious

Go with your gut. You know your work better than anyone. If something seems unusual or suspicious, don't ignore it.

Here are a few common red flags that should be reported: 

  • Pop-up messages demanding action be taken right away.
  • Files are missing or unfamiliar files are appearing on your device.
  • Settings on your device or applications were changed.
  • Device frequently crashes or runs unusually slow.
  • Browsers (e.g. Firefox, Chrome) are lagging or redirecting to unknown sites.
  • Emails from unexpected senders or that contain suspicious links or attachments (phishing).
Letter "A"

"A"  -  Act quickly 

Don’t hesitate to report the concern or be embarrassed or worried about blame. Even if what you saw ends up being nothing, it is better to be safe than sorry.

Here are some dos and don’ts when reporting an incident right away:


  • Report the incident as soon as you see something that causes concern.
  • Know you are doing the right thing just by exercising caution and reporting the concern.
  • Call us at 203-627-4665 if it seems urgent.


  • Hesitate or procrastinate.
  • Be embarrassed or worried about blame.
  • Talk to others for a second opinion or try to resolve the issue yourself.

Even if what you saw ends up being nothing, it is better to be safe than sorry.

Letter "F"

"F" -  Follow instructions 

Follow the guidance provided by the Information Security Office (ISO) after you report a security incident. Let the experts help.

Letter "E"

"E"  -  Exercise discretion

Don’t discuss the incident. Once you report it to the ISO, refrain from discussing the incident with others.