Topics Map > IT Services > IT Security
Topics Map > IT Services > Training

HD - Compromised Accounts

Procedure for what to do if a UW Oshkosh account is compromised.

What UW Oshkosh accounts could be compromised

  • NetID
  • Titan Apps
  • Titan Web
  • Titan Admin

What to do if a UW Oshkosh account is compromised

How will we me notified

  1. The notification of the compromised account will likely come to the Help Desk via email from a UW Oshkosh Information Technology employee or a UW Oshkosh employee who handles IT related systems.
    1. The email will include the username of the account that has been compromised with information about the compromise

What to do after we are notified of a comprised account

  1. Look up the user name in AMS to see if the account has an active NetID and Email

If the NetID and Email are not found or are disabled:

  1. Notify the email sender that there are no active accounts

If the NetID and Email are found and accounts are active:

  1. Immediately reset passwords for ALL of their accounts NetID, TitanApps (Email) and TitanWeb (if they have one)
  2. Use the compromised account template to create a ticket
    1. The ticket will be assigned to Incidents Response and Help Desk
  3. Notify Incident Response via phone so they can check if there is a Titan Admin account
    1. Incident Response will reset the Titan Admin account if it exist
  4. Contact the account owner via phone number listed in Titan Admin
    1. If you reach them:
      1. ID check the user of the compromised account
      2. Reset the NetID and Titan Apps (Email) and Titan Web (if they have one) passwords again so that you can provide them with the password that it is reset to
      3. Walk them through how to get back into each account
      4. Update the a ticket documenting what you did
      5. Contact a team member from the PS Accounts team to see if they have a Titan Admin account.  Let them know you have the user on the phone so they can reset the Titan Admin account if it exist
    2. If you do not reach them
      1. Leave a voicemail that they need to contact the IT Help Desk regarding their UW Oshkosh accounts

When the user returns the call from the Help Desk regarding their accounts

  1. ID check the user of the compromised account
  2. Reset the NetID and Titan Apps (Email) and Titan Web (if they have one) passwords again so that you can provide them with the password that it is reset to
  3. Walk them through how to get back into each account
  4. Update the a ticket documenting what you did
  5. Contact a team member from the PS Accounts team to see if they have a Titan Admin account.  Let them know you have the user on the phone so they can reset the Titan Admin account if it exist




Keywords:Security Account   Doc ID:80709
Owner:Michelle L.Group:UW Oshkosh
Created:2018-03-08 10:30 CDTUpdated:2018-03-21 14:56 CDT
Sites:UW Oshkosh
Feedback:  0   0