Cornell University
Office of the Treasurer

Data Compromise Management

A data compromise event is illegal, unauthorized access to and theft of electronic data. Credit card data is an attractive target for cybercriminals because it is very easy to resell on the black market. It is therefore very important to stay alert to possible breaches in your systems.

The university has completed a PCI Incident Response Plan (PDF, 1 MB).

Types of Data Compromise Events

  1. Physical theft – receipts, hardware, or other documentation that contains card data
  2. Skimming – theft of card information in an otherwise legitimate transaction
    • Typically an “inside” job by a dishonest employee of a legitimate merchant
    • Procurement of card data using small electronic devices (skimmers) to swipe and store a victim’s card magnetic stripe information
  3. System intrusion – use of malicious and illegal means to obtain electronic access to payment processing systems or storage mediums


Unit-Level Incident Response Plan

Each unit is required to develop a plan that leads up to the point of contact with the two central offices. Everyone in the unit should be familiar with this plan, so that in the event of a potential compromise, important forensic data is not lost or tainted.


What To Do If Data Are Compromised

Alert all necessary parties immediately!

  • Call Cash Management at (607) 254-1590 – this office will contact the merchant bank
  • Call the IT Security Office at (607) 255-6664 or email security-services@cornell.edu

Immediate Containment

  • Do NOT access or alter the compromised systems, i.e., do not log on to the machine at all or change passwords, and do not log in as ROOT
  • Unplug the power from the machine if it is running Windows, or shut the machine down carefully if it is UNIX/Linux-based, after confirming with an IT specialist
  • Preserve all merchant logs and electronic evidence
  • Make a record of all action taken, who took the action, and the date and time of the action
  • Disable the wireless interface on the compromised system if you are using a wireless network
  • Be on high alert and monitor all systems containing cardholder data

The IT Security Office (ITSO) will coordinate the investigation of the incident. The university is required to provide all potentially compromised accounts and related information to the processing bank within 10 days of the discovery of the breach. The ITSO will also collect the information necessary to create a formal incident report. Based on the findings of this report, there may be follow-up investigations by either the ITSO or by an independent forensic investigation team.

Be prepared to provide all potentially compromised accounts and related information, as requested by the processing bank, within 10 days of the breach.

Be prepared to provide an incident report (which will be forwarded to your unit by the University Treasurer’s office, as provided by the merchant bank) within three business days of the reported compromise.

The merchant bank and the credit card agencies will consult to determine whether an independent forensic investigation will be initiated on the compromised entity.


The University Incident Response Team

When the IT Security Office becomes aware of a compromised system that was holding sensitive information, including PCI data, CIT analyzes the incident in depth and writes up a formal report. They then submit the report to the Data Incident Response Team (DIRT).

DIRT is a group of people representing a range of campus offices who review incidents with potential data loss, and make a determination about what action, if any, the university needs to take.

For data such as social security numbers and certain other personal identifiers, DIRT may be compelled by NYS regulation to notify the potentially impacted parties and report the incident to the state attorney general and other offices. The university can also elect to notify the people whose information is at risk, even if not legally bound to do so.

If there is significant likelihood of data loss, or if the group feels it would be productive to discuss the incident in depth, DIRT will convene, inviting individuals from the following:

  • The area where the incident occurred: the unit head (dean, vice president, vice provost) or his/her proxy, the local department head, local IT personnel involved with the incident, the unit's service group director and security liaison, and whoever else the department feels is appropriate
  • The campus office with stewardship of the portion of our community whose personal information may be at risk (depending on the demographics involved, the VPs (or their proxies) for OHR, SAS, AAD, etc.) 

In this meeting, DIRT reviews the course and causes of the compromise, what was learned from the group's analysis, and what data was placed at risk. The group has always been able to reach a consensus on whether or not the university should notify the impacted individuals.


Office of the Treasurer

260 Day Hall
Ithaca, NY 14853

CONTACT US

Email:  treasurer@cornell.edu
Wires/Payments: cashmanagement@cornell.edu
Hours: 8:00 a.m. - 5:00 p.m., Monday - Friday

 



©2026 Cornell University
