Reporting a cybersecurity issue or information security breach

It is important for (suspected) cybersecurity incidents and information security breaches to be reported in a consistent way to ensure the University’s responses adhere to the following objectives:

  • To ensure the University complies with applicable legislative and regulatory guidelines.
  • To facilitate effective, coordinated, cybersecurity incident response.
  • To identify the root cause of cybersecurity incidents and implement measures to mitigate and prevent further incidents of a similar nature.
  • To enable continuous improvement of the University’s intrusion detection capability.


Cybersecurity Event – Individual computing account

Any member of the University community who believes that there is a cybersecurity issue with their University of Waterloo computing account is expected to contact one of the following for assistance (in order of preference):

  1. An IST Service Desk
  2. A Faculty service desk
  3. IST's Security Operations Centre (SOC)

When assisting with a suspected cybersecurity event or incident involving a University computing account, computing support staff will follow procedures as provided by the Manager, Information Security Operations. In the event such procedures are unknown or ambiguous, support staff should contact the SOC, the Manager, Information Security Operations, or the Director, Information Security Services for guidance.

Cybersecurity Event – University of Waterloo online services and/or infrastructure

Any member of the public, including any member of the University community, who believes there is a cybersecurity event or incident involving University online services or computing/networking infrastructure is expected to contact the SOC as soon as possible after discovery by sending email to or by calling +1-519-888-4567 extension 41125. Current information about contacting the SOC is published at

Reporting a privacy breach

Any member of the University who discovers, or is made aware of, an information security breach of personal information, as defined by Policy 46, that may not be covered in the above cases is expected to follow the Privacy Breach Response Procedure.