Skip To Main Content

Cyber Incidents

graphic depicting a green lock on an internet network background

Cyber Incident One Sheet

What should I report?

You should report cybersecurity incidents that impact services, systems, or people. This includes:

  •  cyber events that compromise agency accounts, systems, or data

  • events that bypass security controls and target systems

  • incidents where personally identifiable information (PII) is accessed or shared without authorization

NOTIFY THE WNYRIC

(716) 821-7171
1-800-872-0780

Create a Security Incident Report

Monday-Friday, 7:00 a.m. - 4:00 p.m. 
(If outside these hours, contact Scott Przywara immediately!)

 

Please provide as much detail as possible. This may include:

  • Date and time the security incident occurred

  • Location of the incident

  • Type of data, systems, or equipment involved

  • How the incident was discovered

  • Whether the compromise puts any person or other data/systems/equipment at risk

  • How many user accounts or devices are impacted

Next Steps & Additional Reporting:

Type Time Frame Report To Link
New! All Cyber Incidents 72 hours from discovery NYS Department of Homeland Security

Report
Student PII or Teacher/Principal APPR Data 10 calendar days from discovery NYSED Chief Privacy Officer

Report
Adult confidential information As soon as possible NYS Attorney General and the NYS Office of Information Technology Services

Attorney General Report
Office of ITS Report (PDF or Word Doc)
New! Ransom Payment is Made 24 hours from payment  NYS Department of Homeland Security

Report
New! Cyber incident involving a ransom 30 calendar days from payment NYS Department of Homeland Security

Report

 

Impacted Party Required Reporting

When there is an unauthorized disclosure of PII or other confidental information, there are requirements for notification of all impacted parties. 

Type Time Frame Report To
Student PII or Teacher/Principal APPR Data 60 calendar days from discovery Parents/Guardians of impacted parties and adult impacted parties
Adult confidential information as soon as possible All impacted parties

 

These notifications must include: 

  • a brief description of the breach or unauthorized release
  • the dates of the incident
  • the date of discovery
  • a description of the types of personally identifiable information affected
  • an estimate of the number of records affected
  • a brief description of the educational agency’s investigation or plan to investigate 

 

Note: The information provided on this page is for general reference only and should not be considered legal advice. Please consult your district’s legal counsel and cyber insurance provider as needed.