Appendix B: Incident Response

Incident Response

Although MIT hopes that its efforts at protecting personal information will result in no compromises of PIRN or other sensitive information, compromises may still happen. It is just as important that MIT handles such incidents properly.

MIT may decide to send out a notice even if there is no confirmation that a breach of security resulted in unauthorized exposure of PIRN. It may also send out a notice if information is exposed that does not fall under the definition of PIRN, but is still considered sensitive. In those cases, notification decisions will be made on a case-by-case basis.

How Incidents Can Occur

From time to time, the Security and Resilience Team receives reports that a computer containing personal information is at risk of being compromised, or that a computer account has been used in a way that exposed personal information.

Compromises can happen when a computer is running an outdated and unpatched operating system. Indications of a compromise include alerts from anti-virus or anti-malware software; however, some signs of compromise are subtle, and no alert may be generated at all.

Information can also be disclosed through loss or theft of laptops and other storage devices, web-searchable Athena Lockers, unencrypted documents and databases, weak passwords, lack of access controls, and data left on disposed hard drives.

Information contained in paper files can be exposed as well if not properly secured or disposed of.

What to Do in the Event of a Data Incident

Individuals should avoid trying to address such situations on their own, as they may corrupt forensic information necessary to determine the scope of the issue and the risks to MIT.

If you believe a breach of PIRN may have occurred, immediately report the incident by sending email to infoprotect@mit.edu.

If you have received a notice that a computer has a possible compromise, follow the instructions in the notice. The incident responders will work through a process to determine if a reportable breach has occurred, and will engage MIT's Data Incident Response Team as appropriate. Detailed instructions for reporting and handling a potential compromise of PIRN can be found here.