Ways to Report an Incident to CERTuy
Guías
According to Article 78 of Law No. 20.212, regulated by Decree 66/025, Article 10, public and private entities linked to critical services or sectors must report incidents to CERTuy within 24 hours of detection. Organizations not associated with the defined critical sectors may also report incidents to CERTuy, which will be addressed according to the Unit's priorities.
Reports should be submitted immediately, providing as much information as possible. Evidence should not be altered, and the system should be preserved in the same condition as when the incident or anomaly was detected, unless urgent action is required.
This allows the CERTuy team to analyze the situation accurately, provide a better diagnosis, and respond more efficiently.
Ways to Report an Incident to CERTuy
· Via the incident report form: access the form
- By email to: cert@cert.uy, providing at least the following information: name, contact method, organization, and a description of the issue.
- By phone: (+5982) 150 2378 in urgent cases.
Other Reporting Channels Depending on the Case
- Cybercrime Unit (National Police)
If an incident is identified, a report must be filed with the Cybercrime Unit to initiate the corresponding judicial investigation.
Email: cibercrimen-dsi@minterior.gub.uy / Phone: (+598) 2030 4625/32 - Regulatory and Control Unit for Personal Data (URCDP)
If personal data is suspected or confirmed to be affected, the incident must be reported to the URCDP within 72 hours, as established in Article 4 of Decree No. 64/020.
Access information on the complaint process before the URCDP
It is important to emphasize that all actions will be carried out with a strong commitment to protecting the reporter’s personal data, in line with current regulations. Incidents will be treated anonymously when analyzed with third parties.