Skip to main content
Resources

Notice of Bankruptcy, Convictions and Security Breaches

The Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to notify ICANN within seven days of bankruptcy, certain convictions, and security breaches involving registrant account information or registration data. Additional information on this requirement is in Section 3.20 of the RAA.

To notify ICANN about one of these occurrences, please email [email protected],

Subject: Registrar Bankruptcy, Conviction or Security Breach.

Reporting template for Registrar Security Breach:

Registrar Name:
IANA ID:
Date of Incident:
Time of Incident (UTC):
Date of incident report to ICANN:
Detailed description of the type of unauthorized access:
Type of security breach: breaches of registrar systems, or unauthorized release of data by the registrar itself, or unauthorized access/disclosure due to individual registrants losing control over their credentials in a way not attributable to their registrar's systems or controls
How the incident occurred:
Number of registrants affected:
Number of domain names affected:
Any action taken by Registrar in response:

Cause of breaches identified
Time Period # of Breaches Reported # of Registrars Affected # of Registrants Affected # of Domains Affected Due to breaches of registrar systems: Due to unauthorized release of data by the registrar itself: Due to unauthorized access/disclosure due to individual registrants losing control over their credentials in a way not attributable to their registrar's systems or controls:
Jan to Mar 2025 0 0 0 0 0 0 0
Apr to June 2025 3 3 689,826 1,267,551 2 1 0
July to Sep 2025 0 0 0 0 0 0 0
Oct to Dec 2025              
Jan to Mar 2026              
Apr to June 2026              
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."