If you have IT security questions or concerns, your first point of contact should be the  ICT Service Desk. Please submit a ‘Report an issue’ form and include as much detail as possible. 

If you have sensitive data, or feel uncomfortable about going through the Service Desk, you can contact the ICT Security Team directly using the following channels: 


Report a vulnerability 

Imperial’s IT security team welcome responsible disclosure of any vulnerability in our services. We are committed to verifying and responding to any legitimate reported vulnerability.

Disclosure guidelines

  • Please provide details of the vulnerability or security issue along with any information needed to reproduce.
  • Avoid violating the law, privacy, or any destruction, alteration or denial of our services.
  • Do not modify or access any data that doesn’t belong to you.
  • Allow us reasonable time to respond and fix the issue. We aim to reply to your initial contact within 2 business days.

Community members 

Please send an email to vulnerability@imperial.ac.uk with your name and contact information. We can provide encrypted channels over S/MIME or other mechanisms if required.

Please note this reporting policy is not permission to “hack” or “pen test” Imperial systems but provides a process to report issues legitimately discovered in the course of using our systems and services.