Header

Sub Navigation

  Close Menu

Section

Breadcrumbs

Report a Cyber Incident

Cybercrime includes identity theft, cyber-attacks (such as ransomware, malware, denial of service, etc.), fraud, and violating privacy. Whether you are an organization experiencing a cyber-attack or an individual who is a victim of identity theft, follow the below steps to report the cybercrime and begin recovering.

New government reporting requirements: Indiana lawmakers recently passed legislation that will increase the amount of information sharing regarding cyberattacks and other threats across state agencies and local government. This new law requires public-sector entities to report incidents such as ransomware, software vulnerability exploitations, denial-of-service attacks and more. Learn more.

How do I report an incident if I am a government entity?

The law requires a primary contact for each governmental organization. Organizations can provide multiple contacts as long as they are authorized to report incidents and receive any information resulting from incident reporting.

Sign up to be a point of contact for your organization:

https://public.govdelivery.com/accounts/INIOT/signup/26666

Report a cybersecurity incident:

https://soi.formstack.com/forms/incident_reporting_form

IF YOU'RE  A LOCAL GOVERNMENT ORGANIZATION

  • Step 1: Contact Law Enforcement

    Law enforcement performs an essential role in achieving the nation’s and state’s cybersecurity objectives by investigating, apprehending, and prosecuting those responsible for a wide range of cybercrimes.

    If you are a victim of a cybercrime, contact a law enforcement agency right away.

    If you are reporting a cybersecurity incident that is not a crime, proceed to Step 2.

    Agencies include:

    • FBI - Internet Crime Complaint Center (IC3)
      The FBI Internet Crime Complaint Center's (IC3) mission is to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cybercrime. The IC3 gives the victims of cybercrime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.
    • Indiana State Police (ISP)
      ISP’s Cybercrime & Investigative Technologies Section has detectives who specialize in conducting cybercrime investigations. If there is an immediate threat to public health or safety, the public should always call 911.
  • Step 2: Additional Reporting
    • Indiana Information Sharing and Analysis Center
      • IN-ISAC is an entity developed by the State of Indiana and key partners to mitigate cybersecurity risks among state agencies through the sharing of threat information and collaboration on strategies. It provides real-time network monitoring, vulnerability identification, and threat warnings. To report a cybersecurity incident, click here.
    • Indiana Attorney General
      • Indiana’s security breach notification statute requires organizations to provide Indiana residents with the right to know when a security breach has resulted in the exposure of their personal information. For more information and to report a security breach, click here.
    • Regulators
      • If you are an organization that is regulated, you may be required to report cybercrimes to other state or federal agencies.
    • Federal Government
  • Step 3: Know Your Resources
    • MS-ISAC Security Primer on Ransomware
    • CISA Tip Sheet on Ransomware
    • NGA Disruption Response Planning Memo
    • National Cybersecurity and Communications Integration Center (NCCIC)
      Department of Homeland Security’s NCCIC is a 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement.
    • United States Computer Emergency Readiness Team (US-CERT)
      US-CERT provides secure means for the public to report incidents, phishing attempts, malware, and vulnerabilities as well as a variety of resources in how to handle certain cybercrimes.
    • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
      ICS-CERT works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors.
    • National Institute of Standards and Technology (NIST)
      NIST’s Computer Security Incident Handling Guide assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
    • Ready.gov
      Ready.gov is a national public service campaign designed to educate and empower the American people to prepare for, respond to, and mitigate emergencies, including cybersecurity.
  • Step 4: Information Sharing

    If you are a victim of a cybercrime, it is important to share such information with other organizations in order to protect critical infrastructure, the state of Indiana, and our nation. Learn more about Cyber sharing.

IF YOU'RE AN ORGANIZATION

  • Step 1: Contact Law Enforcement

    Law enforcement performs an essential role in achieving the nation’s and state’s cybersecurity objectives by investigating, apprehending, and prosecuting those responsible for a wide range of cybercrimes.

    If you are a victim of a cybercrime, contact a law enforcement agency right away.

    Agencies include:

    • FBI - Internet Crime Complaint Center (IC3)
      The FBI Internet Crime Complaint Center's (IC3) mission is to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cybercrime. The IC3 gives the victims of cybercrime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.
    • Indiana State Police (ISP)
      ISP’s Cybercrime & Investigative Technologies Section has detectives who specialize in conducting cybercrime investigations. If there is an immediate threat to public health or safety, the public should always call 911.
  • Step 2: Additional Reporting
    • Indiana Attorney General
      Indiana’s security breach notification statute requires organizations to provide Indiana residents with the right to know when a security breach has resulted in the exposure of their personal information. For more information and to report a security breach, click here.
    • Regulators
      If you are an organization that is regulated, you may be required to report cybercrimes to other state or federal agencies.
    • Federal Government
      This fact sheet, Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government, further explains when what, and how to report a cybercrime to a number of federal agencies.
  • Step 3: Know Your Resources
    • MS-ISAC Security Primer on Ransomware
    • CISA Tip Sheet on Ransomware
    • NGA Disruption Response Planning Memo
    • National Cybersecurity and Communications Integration Center (NCCIC)
      Department of Homeland Security’s NCCIC is a 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement.
    • United States Computer Emergency Readiness Team (US-CERT)
      US-CERT provides secure means for the public to report incidents, phishing attempts, malware, and vulnerabilities as well as a variety of resources in how to handle certain cybercrimes.
    • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
      ICS-CERT works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among federal, state, local, and tribal governments and control systems owners, operators, and vendors.
    • National Institute of Standards and Technology (NIST)
      NIST’s Computer Security Incident Handling Guide assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
    • Ready.gov
      Ready.gov is a national public service campaign designed to educate and empower the American people to prepare for, respond to, and mitigate emergencies, including cybersecurity.
  • Step 4: Information Sharing

    If you are a victim of a cybercrime, it is important to share such information with other organizations in order to protect critical infrastructure, the state of Indiana, and our nation. Learn more about Cyber sharing.

IF YOU'RE A VICTIM OF IDENTITY THEFT