Security, Responding to Compromised Websites
A website or server that I am responsible for has been compromised. What are my next steps?
If an administrator of becomes aware of a compromised website or server before
receiving a notice from the Office of Privacy and Information Security, they should contact firstname.lastname@example.org
to coordinate the incident response.
If an administrator receives a notice, from the Office of Privacy and Information Security, about a compromised web server they should respond as soon as possible with the steps taken to remediate the compromise. Security may filter the web server from the network if warranted, or if no response is received regarding the compromised system.
The administrator of the system must inform Privacy and Information Security of mitigation steps taken, and whether or not the system stores sensitive information or has access to sensitive information.