Report a cybersecurity incident

You can use the Incident Reporting System to report computer security incidents to EOTSS. Your timely reports help analysts handle your security incidents and conduct improved analysis. If you are a state employee, report cybersecurity incidents immediately. 

If you suspect you may have been the victim of an online scam or encounter any questionable activity please email eotss-soc@mass.gov.

If you believe you have received a phishing email, follow these steps to report it.

If you want to report a data or security breach pursuant to M.G.L. c. 93H, follow these steps.

Personal cybersecurity incident

Everyone in Massachusetts can help protect data and personal information from sophisticated cyber fraud and social engineering attacks.   Promote an environment where everyone is invested in cyber safety. 

If you think you've been the victim of a cyberattack: 

Cancel cards and contact the bank:

• Contact banks, credit card companies and other financial services companies where you hold accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity. 

If you think your identity or Social Security Number is compromised:

• Contact the Office of the Inspector General (OIG) 

• Report identity theft to the Federal Trade Commission

• The Social Security Administration (800-269- 0271)

• The Registry of Motor Vehicles if your driver's license or car registration has been stolen 

Make a report with Law Enforcement:

• File a complaint with the FBI Internet Crime Complaint Center (IC3). They will review the complaint and refer it to the appropriate agency. 

• File a report with the local police so there is an official record of the incident. 

If someone claims to be a government agent:

• Report fraud with Federal Trade Commission (FTC) if you receive messages from anyone claiming to be a government agent. 

Report online fraud or crime:

• Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center. 

• Report a cybersecurity incident or threat to Cybersecurity Infrastructure Security Agency (CISA) 

• If you believe you have been a victim of unemployment benefits fraud, please report it using this form to the Department of Unemployment 

Financial or business related cybersecurity incident

To report a cybersecurity threat in the financial services industry, you should contact your primary regulator, the Financial Crimes Enforcement Network (FinCEN) and government entities.  

• Report to your primary regulator: You should immediately notify your primary regulator after becoming aware of a cyber incident. The cyber incident may involve unauthorized access and/or use of confidential consumer information. 

• Report to the Financial Crimes Enforcement Network: FinCEN and law enforcement use financial institution SAR filings to start investigations. SAR filings are also used to identify criminals and disrupt criminal networks. 

• Report to Government entities: The Division of Banks encourages your financial institution to voluntarily report suspected or confirmed cyber incidents to a federal government organization. Relevant government organizations include the Department of Homeland Security and the Department of Justice. 

• If you think your business has been impacted, use the CISA Incident Reporting System  

What is a cybersecurity incident

A cybersecurity “incident” is defined by the Federal Information Security Modernization Act of 2014 (44 USC 3552), as something that: 

• actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or 

• constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. 

You can review federal incident notification guidelines, definitions and reporting timeframes at https://www.us-cert.gov/incident-notification-guidelines.

System damage, data breaches, or unauthorized use 

A cyber incident is a malicious attempt to access or damage a computer or network system. Cyber incidents can lead to the loss of money or the theft of personal, financial and medical information, damaging your reputation, identity and safety.  In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to: 

• Attempts (either failed or successful) to gain unauthorized access to a system or its data 

• Instances of Personal Identifiable Information (PII) data breach incidents  

• Unwanted disruption or denial of service 

• The unauthorized use of a system for processing or storing data changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent. 

Phishing

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. 

Malware or a Vulnerability 

Malware refers to software programs designed to damage or perform unwanted actions on a computer system. Examples of malware are viruses, worms, Trojan horses, and spyware. 

Suspicious Calls and Phone Scams 

A suspicious phone call or phone scam can sometimes come across as a threat to you or a loved or someone who sounds familiar and tries to convince you to give up some personal or information like a bank account number.  

If you are receiving suspicious phone calls or are the victim of a phone scam, please visit the Federal Trade Commission’s Consumer Information on how to recognize phone scams, how to stop callers from contacting you, and reporting phone scams and unsolicited phone calls.