Ransomware playbook

This playbook has technical guidance for responding to a ransomware incident. It is not a standalone resource: use it alongside your incident management plan to make sure it works for your school.

Reporting

Report all cyber incidents immediately to your relevant authority. Because a ransomware incident usually means some form of data breach has happened, you should inform these external supervisory authorities (if applicable).

If personal data is involved, you must inform the ICO within 72 hours. Give as much information as you can about:

  • the nature of the breach
  • how and when it occurred
  • people impacted
  • actions taken
  • relevant contact details

Contact your local police authority if you suspect a financial or safeguarding impact.

Visit Report Fraud's website or call 0300 123 2040.

Other contacts

Department for Education RPA team

If you are a member of the RPA membership scheme, contact the RPA Emergency Assistance Helpline:

Service providers

If the breach affected a third-party service or system, let the service providers know. They should be involved in a coordinated response to the incident.

Insurance providers

If you have private insurance and your coverage includes cyber incidents, contact your insurer. They may provide direct recovery assistance.