Skip to agency navigation
Skip to main content

Official Website

of the Commonwealth of Pennsylvania

    The .gov means its official.

    Local, state, and federal government websites often end in .gov. Commonwealth of Pennsylvania government websites and email systems use "pennsylvania.gov" or "pa.gov" at the end of the address. Before sharing sensitive or personal information, make sure you're on an official state website. 

    Cybersecurity incident reporting for businesses

    Reporting cybersecurity incidents is one of the key ways to prevent future incidents within our community. If you are a Pennsylvania business or within a critical infrastructure sector, use the resources on this page to learn how to report cybersecurity incidents and share indicators of compromise to protect others.

    Report to PA CyberCom

    We encourage all Pennsylvania businesses, government agencies, and those within critical infrastructure sectors to voluntarily report cyber incidents.

    If you are a Pennsylvania business and need a state or federal law enforcement referral, contact PA CyberCom at 833-707-3843.

    If you are a Pennsylvania business and experienced a cyberattack, such as:

    • Ransomware
    • Distributed Denial of Service (DDoS)
    • Business Email Compromise (BEC)

    please report such incidents to PA CyberCom to share indicators of compromise to help protect others. Report incidents to PACyberCom@pa.gov or by phone at 833-707-3843.

    PA CyberCom does not release sensitive or proprietary information of reporting partners. All reported data is anonymized to ensure privacy. If you have any questions about how we keep reported data anonymous, please contact us.  

    Report to federal partners

    Follow the appropriate links below to report incidents to federal agencies. Visit the CISA Critical Infrastructure Sector page for definitions.

    A power plant with smokestacks and cooling towers

    CISA

    If you are a critical infrastructure sector partner and need help in recovery, report the incident to the Cybersecurity & Infrastructure Security Agency (CISA).

    Contact CISA
    A close up of computer code on a screen

    FBI

    If you experienced a cyberattack, such as ransomware, Distributed Denial of Service (DDoS), or Business Email Compromise (BEC), report to the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3).

    Contact FBI
    The top of a tall building and sky

    FTC

    If you need to report consumer fraud, deceptive business practices, or other types of business fraud, report to the Federal Trade Commission (FTC).

    Contact FTC