Lena E wrote:

Rene and others, We understand that this is more than an inconvenience and was startling to many of you. The issue has been resolved and I will be updating the Community with more information about this site incident and the impact as soon as I have all the details. I do understand your urgency, and appreciate your patience in the interim. -Lena

"There are certain incidents that organisations need to tell us about. Use this page if you are an organisation that has experienced one of the following types of incident and need to report it to the ICO:

a personal data breach under the GDPR or the Data Protection Act 2018;

a Privacy and Electronic Communications Regulations (PECR) security breach by a telecoms or internet service provider;

a potential breach of the NIS Directive; or

a potential breach of the eIDAS Regulation

GDPR or DPA 2018 personal data breach

From 25 May 2018, if you experience a personal data breach you need to consider whether this poses a risk to people. You need to consider the likelihood and severity of any risk to people’s rights and freedoms, following the breach. When you’ve made this assessment, if it’s likely there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. You do not need to report every breach to the ICO.

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

For more information about what a personal data breach is and when you need to report it to us, please see the personal data breach pages of our Guide to the GDPR or if you are processing personal data for law enforcement purposes please see our Guide to Law Enforcement Processing.

You can also voluntarily report data security breaches that occurred before 25 May 2018, following the same process for reporting breaches of the DPA 2018."

Source: https://ico.org.uk/for-organisations/report-a-breach/