Log in links for this page

Report a cybersecurity incident

Learn how government employees and people who live in Massachusetts can report a cybersecurity threat.

You play a critical role in maintaining a secure environment and protecting your own and the Commonwealth’s sensitive information, assets, and reputation. An important way to protect yourself and others from cybersecurity incidents is to watch for them and report any that you find.

The best way to prevent a cyber incident is to become cyber aware to prevent and detect incidents.  Visit our Cybersecurity Best Practices for tips on how to protect yourself. 

Learn how people who live in Massachusetts and government employees can report a cybersecurity threat. 

Table of Contents

How a state employee can report a cybersecurity incident

Hands on keyboard


You can use the Incident Reporting System to report computer security incidents to EOTSS. Your timely reports help analysts handle your security incidents and conduct improved analysis. If you are a state employee, report cybersecurity incidents immediately. 

If you suspect you may have been the victim of an online scam or encounter any questionable activity please email eotss-soc@mass.gov.

If you believe you have received a phishing email, follow these steps to report it.

If you want to report a data or security breach pursuant to M.G.L. c. 93H, follow these steps.

Where anyone can report a cybersecurity incident

Personal cybersecurity incident

Everyone in Massachusetts can help protect data and personal information from sophisticated cyber fraud and social engineering attacks.   Promote an environment where everyone is invested in cyber safety. 

If you think you've been the victim of a cyberattack: 

Cancel cards and contact the bank:

  • Contact banks, credit card companies and other financial services companies where you hold accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity. 

If you think your identity or Social Security Number is compromised:

Make a report with Law Enforcement:

  • File a complaint with the FBI Internet Crime Complaint Center (IC3). They will review the complaint and refer it to the appropriate agency. 

  • File a report with the local police so there is an official record of the incident. 

If someone claims to be a government agent:

Report online fraud or crime:

Financial or business related cybersecurity incident

To report a cybersecurity threat in the financial services industry, you should contact your primary regulator, the Financial Crimes Enforcement Network (FinCEN) and government entities.  

  • Report to your primary regulator: You should immediately notify your primary regulator after becoming aware of a cyber incident. The cyber incident may involve unauthorized access and/or use of confidential consumer information. 

  • Report to the Financial Crimes Enforcement Network: FinCEN and law enforcement use financial institution SAR filings to start investigations. SAR filings are also used to identify criminals and disrupt criminal networks. 

  • Report to Government entities: The Division of Banks encourages your financial institution to voluntarily report suspected or confirmed cyber incidents to a federal government organization. Relevant government organizations include the Department of Homeland Security and the Department of Justice. 

  • If you think your business has been impacted, use the CISA Incident Reporting System  

Recognizing a cyber incident or cyber threat

Person typing on keyboard

What is a cybersecurity incident

A cybersecurity “incident” is defined by the Federal Information Security Modernization Act of 2014 (44 USC 3552), as something that: 

  • actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or 

  • constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. 

You can review federal incident notification guidelines, definitions and reporting timeframes at https://www.us-cert.gov/incident-notification-guidelines.

System damage, data breaches, or unauthorized use 

A cyber incident is a malicious attempt to access or damage a computer or network system. Cyber incidents can lead to the loss of money or the theft of personal, financial and medical information, damaging your reputation, identity and safety.  In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to: 

  • Attempts (either failed or successful) to gain unauthorized access to a system or its data 

  • Instances of Personal Identifiable Information (PII) data breach incidents  

  • Unwanted disruption or denial of service 

  • The unauthorized use of a system for processing or storing data changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent. 

Phishing

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. 

Malware or a Vulnerability 

Malware refers to software programs designed to damage or perform unwanted actions on a computer system. Examples of malware are viruses, worms, Trojan horses, and spyware. 

Suspicious Calls and Phone Scams 

A suspicious phone call or phone scam can sometimes come across as a threat to you or a loved or someone who sounds familiar and tries to convince you to give up some personal or information like a bank account number.  

If you are receiving suspicious phone calls or are the victim of a phone scam, please visit the Federal Trade Commission’s Consumer Information on how to recognize phone scams, how to stop callers from contacting you, and reporting phone scams and unsolicited phone calls. 

Contact   for Report a cybersecurity incident

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Address

McCormack Building
1 Ashburton Place, 8th Floor, Boston, MA 02108

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback