Cybersecurity, Reporting and responding to compromised websites, servers, services, applications, solutions, and other assets

A website, solution, or server that I run has been compromised. What are the requirements, next steps, and expectations?

When you discover a security event such as a compromised website, service, or server:

  1. If there is a breach probable use the emergency KB instead (click)
  2. Contact the Cybersecurity Operations Center (CSOC) via email at to coordinate incident response.
  3. Contact your Security Liaison
If you receive an incident notice from the CSOC about a compromise:
  1. Respond immediately
  2. Communicate with the CSOC the steps you've taken to contain, fix, or otherwise mitigate impact arising from the event. 
  3. Security may filter assets from the network or otherwise mitigate the compromise if warranted or if no timely response is received.
  4. It is critical that you inform Privacy and Security if your asset stores, processes, or transmits sensitive information or has access to sensitive or high-risk information.

See for more details on the Privacy & Security Critical Event Response team, what they do, and what to expect

KeywordsSecurity Hacked server OPIA compromise breach response malware crack pwned cybersecurity csoc sensitive escalation escalate   Doc ID56730
OwnerSecurity S.GroupUniversity of Illinois Technology Services
Created2015-09-24 15:27:48Updated2023-09-06 11:25:49
SitesUniversity of Illinois System, University of Illinois Technology Services
Feedback  0   0