There are many ways we can learn of breaches for systems used outside of Cornell’s centrally offered services:
- Notification from the vendor once logged into an online account
- A phone, text, or email notification
- Media reports
Note: Exercise caution with phone, text, or email notifications as they may not come from legitimate sources. Always confirm the source of the notification by engaging the third-party directly. This is much safer than replying to or clicking on links in emails, and helps you potentially avoid falling for phishing scams.
- If a notification is received via phone, text, or email and you are not sure if it is legitimate, check the Phish Bowl to see if it is posted as a known fraudulent communication AND contact the vendor directly to confirm.
- Contact your supervisor, local IT Support, the IT Service Desk, and IT Security Liaison for assistance.
- Engage the Security Office and Privacy Office for further guidance.
- The level of risk to your personal information or Cornell data is largely dependent on
- what kind of data is stored by the vendor or third-party
- information reported as exposed/disclosed