Penn Office of Information Security is available to respond to computing security incidents and can be reached at:
- Telephone: (215) 898-2172
- E-mail: security@isc.upenn.edu
IMPORTANT! If you believe that the issue you wish to report involves a possible threat to the personal safety of yourself or any other person, or if you think that it involves criminal activity (including identity theft), we strongly urge you to report it directly to Penn Public Safety by calling them at 511 (on-campus) or 215-573-3333 (off-campus/cell phone). Although the Penn Office of Information Security is not a law enforcement agency, we will consult with Public Safety on criminal investigations involving computing security.
If you're unsure about what you should report or how you should report it, here are a few suggestions:
- If you are contacting us about a forgotten PennKey password, lost or expired Setup Codes, or anything related to your PennKey, please visit https://www.upenn.edu/pennkey or email pennkey@isc.upenn.edu
- Suppose you are reporting an attack against a computer belonging to you, and the attack appears to be coming from or involving a computer part of Penn's network. In that case, it would be beneficial if you could forward any logs you have that detail the attack to us at security@isc.upenn.edu to assist in the investigation.
- If you are a Penn computer user and have reason to believe that one or more of your computers has been compromised, report it to us along with any logs or other evidence you have detailing the compromise. It's also a good idea to unplug the affected machine(s) from the network or disable the device(s) wireless and cellular capability until the matter is resolved.
- If you report what you believe violates copyright law involving a computer part of Penn's network, please check the information on the Copyright and File Sharing webpage before making your report.
- If you believe you are the victim of a Phishing attack, please email phishing@upenn.edu and visit our Phishing and Spear Phishing before you contact us.
The above does not cover all situations; therefore, if you suspect a computing security issue, it is better to contact the Office of Information Security to mitigate any risk.