Guidance

What to do if your domain name is compromised

Check who to contact if you think your domain is compromised.

• From: Government Digital Service, Department for Science, Innovation and Technology and Central Digital and Data Office
• Published: 19 December 2019
• Last updated: 30 June 2022 — See all updates

Domain names are regularly attacked and sometimes compromised within the domain name system (DNS). You must work with your IT team or supplier to keep your domain name secure and take action if attackers have compromised your domain name.

Contact your .gov.uk Approved Registrar or DNS supplier immediately if any services like your website or email go offline or look like they may have been compromised by a malicious attacker

If your supplier confirms that your domain has been compromised you must immediately:

• report the incident to the National Cyber Security Centre and follow any advice.

• email support@domains.gov.uk if you are a UK public sector organisation

• notify any other regulatory bodies for example the Information Commissioner’s Office, when necessary.

Threats can escalate quickly and cause irreparable damage. If the Domains Team finds a severe vulnerability we may make emergency changes to your domain to protect any impacted public sector services.

Published 19 December 2019

Last updated 30 June 2022 + show all updates

1. 30 June 2022

   Restructured to confirm you should contact your supplier in the first instances and then take additional steps if necessary

2. 5 May 2021

   The Domain Management team has now moved to the Central Digital and Data Office. This update removes any references to the Government Digital Service (GDS).

3. 19 December 2019

   First published.