Report Incident

National Cybersecurity Reporting Hub

Report a Cybersecurity Incident

Share suspicious activity, fraud, malware, service disruption, or data exposure with the GCSA Security Operations Center. You may report anonymously.

Private evidence handling Structured triage workflow Anonymous reporting supported

Before you submit

  • Include timelines, systems affected, and what you observed.
  • Upload screenshots, PDFs, or images that help the SOC assess the incident.
  • If safety is at risk or critical systems are offline, contact the SOC immediately after submitting.
1

Reporter Information

Provide contact details if you want the SOC to follow up directly.

Your email and personal details become optional when anonymous reporting is enabled.
2

Incident Details

Provide enough context to support triage, classification, and response.

3

Evidence Upload

Accepted formats: JPG, PNG, PDF. Max 5MB each.

Upload up to 5 files. Evidence is stored outside the public web root.
4

Severity Level

Choose the closest impact level so the SOC can prioritize correctly.

5

Consent & Submission

GCSA processes incident data for assessment, coordination, and response support.

Privacy notice

You may report anonymously. Evidence and personal details are stored privately and are only accessible to authorized SOC personnel for incident handling and case management.

Reference IDs are generated automatically after submission.

What happens next

  1. Your report is logged and assigned a unique GCSA incident ID.
  2. The SOC reviews severity, evidence, and classification.
  3. Critical cases may be escalated for coordinated response.

Recommended evidence

  • Screenshots of suspicious messages or payment requests
  • PDF exports, logs, or account notifications
  • Dates, systems affected, and observed attacker behavior

SOC intake controls

  • CSRF protection
  • Rate limiting
  • Captcha verification
  • Private evidence storage