Report a data security breach

Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.

What information are you providing?

Completed monthly log Initial notification of a security breach (within 24 hours) Second notification with further detail (within 3 days) Follow-up notification with outstanding details

Monthly log

If there have been personal data breaches, please attach your completed breach log below. If there have not been any personal data breaches during this month, you can email a 'nil return' to datasecuritybreach@ico.org.uk. As nil returns do not need to be sent securely, you do not need to use this form.

Breach log

Initial notification of a security breach

Use this form for the first notification within 24 hours of detecting a breach.

When did this breach occur?

On or between ...

Day

Month

Year

... and

Day

Month

Year

When was the breach first detected?

Day

Month

Year

Briefly describe the breach (eg theft, loss, copying)

What is the nature and content of the personal data concerned?

What technical and organisational security measures have you applied (or were to be applied) to the affected personal data?

Were other providers involved?

Information to provide now if possible

You should provide the following information now, if possible. If not, you must send a second notification form within three days.

Second notification of a security breach (providing further detail)

You should have already sent an initial notification with as much information as possible. Please now provide further detail. For each question, please add any further details since your initial notification. Please tell us if any details have changed. If you cannot provide any of the information we ask for now, you should explain why, and send a follow up form as soon as possible.

Follow up notification with any outstanding details

You should have already sent an initial notification and second notification with as much information as possible. Please now provide any further remaining details.

When did this incident occur?

On or between ...

Day

Month

Year

... and

Day

Month

Year

Summarise the incident that caused the breach (optional)

Did the breach occur in response to a Regulation of Investigatory Powers Act request?

Yes No

What was the physical location of the breach and the storage media involved? (optional)

How many individuals were affected? (optional)

What are the potential consequences and adverse effects on those individuals? (optional)

What technical and organisational measures have you taken to mitigate those potential adverse effects? (optional)

Please provide the content of any notification to customers (you can attach this at the end of this form or provide it here) (optional)

How were customers notified (eg by email)? (optional)

How many customers were notified? (optional)

Does the breach affect individuals in other EU member states? If so, which states? (optional)

Have you notified any other data protection authorities (if so, which ones)? (optional)

Have you provided all the information we have asked for?

Yes No

Please attach any other relevant supporting information (optional)

About you (the service provider)

Organisation name

Who should we contact?

Name

Job title

Enter email address

Confirm email address

Phone

Address

Street

Town or city

County

Postcode

Country