In the event of a breach or suspected breach of security, the Merchant Department must immediately execute each of the relevant steps detailed below.

  • The MDRP or any individual suspecting a security breach must immediately notify the Incident Response Team at infosec@middlebury.edu, in accordance with the Technical Incident Response Policy, of an actual breach or suspected breach of payment card information. Email should be used for the initial notification and to provide a telephone number for the Incident Response Team to respond to. Details of the breach should not be disclosed in email correspondence.
  • The MDRP or any individual suspecting a security breach involving e-commerce also must immediately ensure that the following steps, where relevant, are taken to contain and limit the exposure of the breach:
    • Prevent any further access to or alteration of the compromised system(s) (i.e., do not log on at all to the machine and/or change passwords).
    • Do not switch off the compromised machine; instead, isolate the compromised system(s) from the network by unplugging the network connection cable.
    • Preserve logs and electronic evidence.
    • Log all actions taken.
    • Document all conditions, personnel, and events around system at time of and leading up to suspected breach.
    • Be on HIGH alert and monitor all e-commerce applications.

Finance Office
152 Maple Street
Marble Works, Suite 102
Middlebury, VT 05753