Riportio Seiberdrosedd
Sut i riportio hacio, twyll ar-lein a seiberdroseddau eraill.
Trosolwg
Cybercrime covers a wide range of criminal activity involving computers, networks, and the internet. In England & Wales, cybercrime is primarily prosecuted under the Computer Misuse Act 1990 and the Fraud Act 2006. Reporting is handled by Action Fraud (the UK's national fraud and cybercrime reporting centre) and the National Cyber Security Centre (NCSC) for significant incidents. The police's National Crime Agency (NCA) investigates serious and organised cybercrime.
Pwy all ddefnyddio'r broses hon
- Any individual or business that has been a victim of cybercrime can report
- Reports can be made by the victim or a representative
- Businesses experiencing cyber attacks should also report to the NCSC
Proses gam wrth gam
Identify the Type of Cybercrime
Common types include: hacking (unauthorised access to computers/accounts — Computer Misuse Act s.1), ransomware, phishing, online fraud (Fraud Act 2006), identity theft, distributed denial-of-service (DDoS) attacks, and malware.
- Preserve any evidence — screenshots, emails, log files, transaction records
Report to Action Fraud
Report online at actionfraud.police.uk or call 0300 123 2040. Action Fraud is the UK's central reporting point for fraud and cybercrime. You will receive a crime reference number.
- Reports are assessed by the National Fraud Intelligence Bureau (NFIB) and may be referred to a local police force for investigation
Report Significant Cyber Incidents to NCSC
If you are a business or organisation experiencing a significant cyber attack, report it to the National Cyber Security Centre at ncsc.gov.uk/report. The NCSC provides incident response guidance and may assist with major incidents.
- The NCSC Cyber Incident Signposting Site helps small businesses find appropriate support
Secure Your Systems
Change compromised passwords immediately. Enable two-factor authentication. Run malware scans. Disconnect affected devices from the network if actively compromised. Consider engaging a professional cyber incident response team for serious breaches.
Report Data Breaches to the ICO
If personal data has been compromised, the organisation responsible may need to report the breach to the Information Commissioner's Office (ICO) within 72 hours under the UK GDPR (Article 33). Individuals whose data has been compromised should be notified if there is a high risk to their rights and freedoms.
Costau
Rhybuddion pwysig
Do not attempt to 'hack back' or access the attacker's systems — this would be a criminal offence under the Computer Misuse Act 1990.
If you suspect a cyber attack is in progress, do not delay — report immediately and take steps to contain the damage.
Businesses have regulatory obligations to report data breaches — failure to do so can result in ICO enforcement action and significant fines.