Cookies

The website of a.s.r. uses cookies. We always place cookies, for example to make the website work properly and to be able to analyze the website completely anonymously. In addition, we place cookies that are not necessary, but are useful. With this you can give feedback or share our information on social media. Or to be able to show relevant advertisements on third-party websites. These cookies may collect data outside of our website. By clicking on 'Agree' you agree to the placing of these cookies. If you want to indicate which cookies you give permission for click on 'Change my settings'. Learn more? Read our cookie policy.

Change my settings
Ad blocker detected

It looks like you are using an ad blocker. Because of this you are unable to choose which cookies we can place. Therefore we will only place functional cookies.

{ "menu": { "text": "Menu" } }
Digital vulnerability reporting centre

Digital vulnerability reporting centre

At a.s.r., the digital security of our customers is very important to us. Despite our care for the security of our systems, there may still be a vulnerability.

This reporting desk is not an invitation to actively discover vulnerabilities. a.s.r. actively monitors its own corporate network for security incidents itself. Please tell us if you have found a vulnerability in any of our systems, so that we can take action as soon as possible. 

In that case, we hereby request you to:
  • Email the findings to the digital vulnerabilities reporting desk. Encrypt your findings with our PGP key to prevent the information falling into the wrong hands.
  • Provide sufficient information to reproduce the problem so that we can fix it as soon as possible. Usually, stating the IP address or URL and the parameters used of the affected system and a description of the vulnerability is sufficient, but more may be needed in case of more complex vulnerabilities.
  • Abstain from exploiting the problem by, for example, downloading more data than necessary to demonstrate the leak or viewing, deleting or modifying third-party data.
  • Not to share the problem with others until it is fixed and delete all confidential data obtained through the leak immediately after the leak has been stopped.
  • Not to use physical security attacks, social engineering, distributed denial of service, spam or third-party applications.
What we promise:
  • We will respond to your report with our assessment of the report and an expected date for its resolution.
  • We will treat your report confidentially and will not share your personal data with third parties without your consent unless necessary to comply with a statutory obligation. Reporting under a pseudonym is possible.
  • We will keep you updated on the progress of resolving the issue, unless the finding has been reported before. In that case we will inform you that this is the case.
  • To thank you for your help, we offer a token of appreciation for any report of a security problem we were not aware of. This token of appreciation will be determined based on the severity of the leak and the quality of the report.
  • If you comply with the above conditions, we will not take any legal action against you regarding the report.

We aim to resolve all issues as soon as possible and we are happy to be involved in any publication about the problem after the reported issue has been resolved.

Privacy

For more information on personal data processing and privacy, we refer to our privacy statement.

What not to report:

The reporting desk is not intended for: