Handling a Data Breach
Directive Statement
In the event of a breach or suspected breach of security – including the suspicion that credit or debit card information has been exposed, stolen, or misused – the merchant or UF department must immediately contact Payment Card Operations (392-9057) and the UF Privacy Office Hotline (1-866-876-4472). The department must immediately contain and limit the data exposure and minimize data loss by ceasing use of any suspect machine. False reports will be subject to disciplinary action.
Reason for Directive
Security breaches can result in serious consequences for the University including damage to the institution’s reputation, added compliance costs, the assessment of substantial fines, the loss of credit card acceptance privileges and possible legal liabilities.
Who Must Comply?
All University departments whose personnel store, process or transmit cardholder information. This also applies to units that outsource the processing of payment card information to third party vendors.
Procedures
Immediately contact the following:
- Supervisor and Department Head
- Payment Card Operations: 392-9057
- UFIT Security: Complete a “Digital Forensics Examinations” Form on the UFIT Service Catalog (Service Portfolio: Security, Service Group: Security Incident Response and Investigation)
- UF Privacy Office
  Email: privacy@ufl.edu
  Phone: (352) 294-8720
  Fax: (352) 627-9052
  Mailing Address:
  PO Box 103175
  Gainesville, FL 32610-3175
  Physical Address:
  3007 SW Williston Road
  Gainesville, FL 32608
The Response Team will immediately coordinate a response and reply to this initial notification/communication to confirm they are aware of the incident. Assist the Response Team as they investigate the incident by doing the following:
- Do not turn the compromised system(s) off. Instead, isolate the system(s) from the network by unplugging the communications cord (phone or Internet) from the machine. If the cable is secured and you do not have the key to the network jack, cut the network cable.
- Do not access or alter the compromised system(s). This means do not log on to the compromised system(s) at all, including to change passwords or to log in as ROOT
- VISA highly recommends that the compromised system(s) not be used at all to avoid losing critical volatile data
- Preserve all evidence and logs, including original evidence (sales receipts, computer screenshots, etc.) and security event, web, database, firewall, and other logs
- Document all actions taken, including dates and individuals involved
- If using a wireless network, change the Service Set Identifier (SSID) on the wireless access point (WAP) and other systems that may be using this connection (except any system(s) believed to be compromised)
- Block inbound and outbound traffic for suspicious Internet Protocol (IP) addresses
Definitions
Internet Protocol (IP)
The method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet.
Service Set Identifier (SSID)
A sequence of characters that uniquely names a wireless local area network (WLAN). An SSID is sometimes referred to as a “network name.” This name allows stations to connect to the desired network when multiple independent networks operate in the same physical area.
Wireless Access Point (WAP)
A networking hardware device that allows a Wi-Fi device to connect to a wired network.
Last Reviewed
01/31/2021: reviewed content
Resources
PCI Security Standards Council
UFIT Security Incident Response Procedures
Training
TRM125 – Payment Card Security Awareness Training
Contacts
Treasury Management/Payment Card Operations: (352) 392-9057
Treasury-creditcards@ad.ufl.edu
UF Privacy Office: (352) 294-8720