How Do We Handle a Data Breach?
In the event of a breach or suspected breach of security–including the suspicion that credit/debit card information has been exposed, stolen, or misused–the merchant or UF department must immediately contact each of the following:
- Payment Card Operations at 392-9057
- UF Privacy Officer at 1-866-876-4472 (Privacy Hotline)
The University Privacy Office is located in Tigert Hall, room G-24.
Phone: (352) 273-1212
Fax: (352) 392-6661
Toll-free (Hotline): 866-876-HIPA
Immediately contain and limit the data exposure and minimize data loss by ceasing use of any suspect machine.
Payment Card Operations will begin an investigation into the incident. Do not resume processing until approved by Payment Card Operations. False reports will be subject to disciplinary action.
To preserve evidence and facilitate the investigation:
- Do not access or alter compromised system(s) (i.e., don’t log on at all to the compromised system(s) including changing passwords; do not log in as ROOT). Visa highly recommends that the compromised system not be used to avoid losing critical volatile data.
- Do not turn the compromised system(s) off. Instead, isolate compromised systems(s) from the network (i.e., unplug network cable).
- Preserve all evidence and logs (i.e., original evidence, security events, web, database, firewall, etc.)
- Document all actions taken, including dates and individuals involved.
- If using a wireless network, change the Service Set Identifier (SSID) on the wireless access point (WAP) and other systems that may be using this
connection (with the exception of any systems believed to be compromised).
- Block suspicious IPs from inbound and outbound traffic.
(Source: Visa Inc. Fraud Investigation Procedures, Version 4.0, Effective September 2013)
Additional information can be found at: