First published: 03 Dec 2021
Last updated: 24 Oct 2022

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure

The website, including the cyber incident reporting portal (ReportCyber), is operated by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC). The ACSC is part of the Australian Signals Directorate (ASD), an Australian Government agency

Rules binding persons accessing data stored on this site

The ASD's ACSC staff who operate this website and/or access any of the data collected by or through this website are subject to the Intelligence Services Act 2001 (Cth) and Rules to Protect the Privacy of Australians issued by the Minister responsible for ASD pursuant to section 15 of the Intelligence Services Act 2001 (Cth). The Privacy Act 1988 (Cth) does not apply to ASD with respect to the personal information you submit to, or is collected by, this website.

Information collected through this website

Website and other data tracking

 We use cookies (small files stored on your device) created both by us and third parties. Cookies allow us to:

  • Measure traffic and visitor behaviour
  • Understand the impact of our online advertising and social channels
  • Use remarketing and audience targeting

The cookies identify your browser or device, not you personally. No personal information is stored within cookies used by our website.

Examples of the information we might collect when you visit our website includes::

  • the operating system and browser you are using
  • the address of the referring site (the previous site you visited that linked to ours, typically a search engine)
  • your IP address (the network address of your internet connection)
  • the date and time of your visithow you interacted with our website (including pages you visited and files downloaded)
  • Demographic and interest reports may be generated including characteristics such as your age, gender and location

The information generated by the cookie may be transmitted to and stored by Facebook and Google, who may use this information for the purpose of compiling reports on website activity for us (or advertising agencies engaged to act on our behalf).

If you prefer not to receive cookies, you can adjust your browser settings. However, you may not be able to use the full functionality of the website.   

Our site is hosted on the Australian Government's GovCMS platform, administered by the Department of Finance. GovCMS administrators, log and monitor system usage as part of managing the platform.

Personal information (other than information submitted through ReportCyber)

When you email us personal information, or provide it to us via contact us:

  • we will record your email address and any other information submitted
  • we will use this information for the purpose for which you provide it
  • we will not disclose the information without your consent
  • we will not add your email address to a mailing list, unless provided by you specifically for that purpose.

If you fail to provide us with a minimum level of information (usually marked with an asterisk and, generally, including an email address) we may not be able to respond to you.

Personal information submitted through ReportCyber


When you make a cyber incident report through ReportCyber, the ASD's ACSC only collects as much personal information as is reasonably necessary to understand the incident that you are reporting. We collect that information so we are able to assess whether your report should be referred to a law enforcement agency or other entity and to enable us to provide the most effective mitigation advice.

Use and disclosure

By submitting a cyber incident report, you acknowledge your personal information may be provided to other government agencies and private sector organisations in Australia. These include Australian law enforcement (e.g. police) and regulatory agencies (e.g. ACCC), along with relevant companies (e.g. banks or telecommunications providers). We will only use or disclose your personal information for the purposes of detecting, investigating and preventing criminal activity and analysing cybercrime data. We choose who we share information with carefully and they may change over time.

The cyber incident reporting portal is not designed for reporting emergencies where an immediate police presence is required. However, if initial analysis of a cyber incident report indicates there may be an immediate threat to life, the report will immediately be referred to the appropriate police force for priority assessment and appropriate action.

Some of the organisations that we share your personal information with may contact you to gather further information or make further investigations. Any information you provide to those organisations outside the ReportCyber portal is governed by the privacy policies of those agencies.

In some cases we may need to provide your personal information to overseas law enforcement agencies as part of the criminal investigation process. We may also disclose your personal information to recipients overseas, under international agreements that relate to information between Australia and other countries.

Storage of information by ASD's ACSC

Personal information that you provide to the ASD's ACSC may be stored in cloud storage services operated by third parties, which could be located in Australia or overseas.

Links to other websites

This website contains links to other websites. We are not responsible for the privacy practices or the content of these linked sites and have no knowledge of whether cookies or other tracking devices are used on these linked sites.


Feedback is important and is used to evaluate and improve the website and the cyber incident reporting portal. To provide feedback, please contact us.

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it