PanicStation.org
UK USA
us Work & employment crises work calendar entries disappearing • outlook calendar events missing • work meetings vanished • calendar appointments deleted • shared calendar tampering • calendar invites cancelled • calendar entries removed • suspect coworker interference • possible it security incident • microsoft 365 calendar missing • exchange calendar changes • delegate access calendar • calendar permissions changed • workplace digital sabotage • meetings removed from calendar • calendar audit log • work schedule erased • unsure who changed calendar

What to do if…
you notice work calendar entries disappearing and you suspect interference

Short answer

Treat this as an internal IT/security incident: document what changed, then report it through your company’s IT/security channel so audit logs and recoverable items can be preserved before you make more changes.

Do not do these things

  • Do not confront or accuse a coworker (or send heated messages). It can escalate and complicate an investigation.
  • Do not delete more items, empty trash/deleted folders, or reinstall apps until IT has checked logs and recoverable items.
  • Do not change sharing/delegate permissions or access settings unless IT/security instructs you to (and capture evidence first if you safely can).
  • Do not move work calendar data to personal email, personal cloud storage, or a personal device.
  • Do not broadcast suspicions in team chat or on social media.

What to do now

  1. Write down what you noticed (2–5 minutes). Which entries disappeared, when you noticed, which calendar(s) (your own vs shared), and which devices/apps (desktop/mobile/web).
  2. Capture evidence without “fixing” anything yet.
    • Take screenshots showing missing entries/gaps, the calendar name/account, the date range you’re viewing, and any update notices on meeting invites.
    • Note the date/time you observed the changes.
  3. Do quick, low-risk checks for common causes.
    • Confirm you’re viewing the correct calendar and date range (and not a filtered view).
    • Check Deleted Items/Trash for the missing entries.
  4. If your setup offers “recover deleted” options, use them carefully.
    • If you use something like Recover Deleted Items, only do it after screenshots and only if you need urgent schedule continuity; write down exactly what you restored and when so IT can interpret logs correctly.
    • If you’re unsure, leave recovery to IT/admins.
  5. If you suspect account compromise, treat it as urgent.
    • If you’ve received unexpected MFA prompts, password reset emails you didn’t request, or “new sign-in/device” alerts, report that immediately through the security incident route and follow IT/security instructions.
  6. For shared calendars, document access.
    • Note who has edit rights/delegate access.
    • Screenshot the permissions list if you can view it.
  7. Report it through your org’s IT/security incident route (open a ticket).
    • Ask them to review audit logs for calendar deletions/changes and to preserve relevant logs/recoverable items.
    • If your org has a security team/SOC, request they treat it as potential unauthorized access until ruled out.
  8. Notify your manager (brief, factual, written).
    • Include the ticket number and the operational impact (missed meetings, client risk, schedule integrity).
    • Ask for a temporary workaround if needed (for example, having organizers re-send invitations) while IT investigates.
  9. If you think it’s tied to discrimination/harassment or retaliation under EEO laws, route it the right way.
    • Make a separate, factual report to HR (or your ethics/compliance hotline) describing the pattern and impact.
    • External options (like the EEOC or a state/local fair employment agency) are typically relevant only in that discrimination/harassment/retaliation context, and deadlines can be short and vary—so get advice promptly if you think that applies.

What can wait

  • You do not need to identify the person responsible right now—focus on preserving evidence and getting IT to verify what happened.
  • You do not need to decide today whether to escalate outside the company; start with IT/security and HR channels.
  • You do not need to rebuild your calendar immediately; recovery and audit review should happen first.

Important reassurance

Calendar issues are often caused by sync problems, accidental deletions, shared-calendar permissions, or automated policy changes. Taking calm, evidence-focused steps and involving IT/security early is the best way to protect yourself and get clarity.

Scope note

These are first steps to stabilize, preserve records, and trigger the correct internal investigation path. Later steps (HR escalation, compliance reporting, or external complaints) depend on what the technical review shows.

Important note

This is general information, not legal advice. Employer policies and state/federal protections vary; if you feel unsafe or believe you’re being targeted for a protected reason, consider getting independent advice from a qualified professional.

Additional Resources
Support us