i
Search
Join ASB
Bank accounts
Credit cards
Debit card
Business banking
Home loans
Personal loans
Business loans
Investment options
KiwiSaver
Term investments
Share trading
Home and contents
Car
Life and income
Health
Business
Foreign Exchange
Foreign Exchange for business
Moving to New Zealand
International business
Small business
ASB Business Hub
Rural
Commercial and corporate
Keeping you safe online
Emerging and common scams
Join ASB
Help and FAQs
Rates and Fees
Calculators and Tools
Terms and Conditions
Contact us
Financial Wellbeing
Regional Banking Hubs
About us
Careers at ASB
ASB Blog
Community
How-to Hub
Confirmation of Payee
Banking during severe weather
Support Hub

Reporting a cyber security threat

Keeping our information, systems and services secure is a top priority for ASB.

Responsible disclosure programme

We value insights from security researchers that may help us mitigate cyber security risk. Our responsible disclosure programme helps ensure any potential risk is managed promptly, safely and securely.
 
If you believe you have discovered a suspected cyber threat or security issue that affects the confidentiality, integrity or availability of ASB's information, systems or services ("vulnerability"), please submit a report to our security team using one of the methods below.
 
To ensure the protection of our customers, we treat all information regarding a vulnerability as confidential and ask that you do not publicly disclose, discuss or confirm the details of any suspected security issues.

How to report a security issue

Email our Cyber Security Team at vulnerability@asb.co.nz. If you feel the email should be encrypted you can download our PGP key here.

We recommend using this email structure to help us investigate your report:

  1. Affected product or service, including URL(s)
  2. Your name and contact information
  3. If you do not wish to provide your personal information, you may contact us anonymously or use a pseudonym
  4. Date, time and time zone of when the suspected vulnerability was discovered
  5. The IP address used when suspected vulnerability was discovered
  6. What steps to take to reproduce the vulnerability

What happens next?

You'll receive an automated reply when we receive your cyber security disclosure.
 
We will use the information you provide to enhance the security of our systems. We may also use the information in notifications to regulatory bodies, to comply with laws, and assist government or law enforcement agencies. This includes those of our parent company, Commonwealth Bank of Australia.

Phishing or scam content

Please do not use this disclosure programme to report phishing or scam attempts. If you've received a hoax or phishing email or text message, send it to phishing@asb.co.nz.

Prohibited research

We encourage security research on our products and services and welcome your feedback. Research with malicious intent is strictly prohibited, and includes:

  • Accessing or attempting to access accounts or information you are not authorised to
  • Any attempt to modify or destroy information
  • Sending or attempting to send unsolicited or unauthorised email or other types of messages
  • Conducting social engineering (including phishing) of ASB employees, contractors, customers or any other related party
  • Posting, transmitting, uploading, linking to, sending or storing malware that could impact our services, products or customers
  • Exfiltration, disclosure or use of any proprietary or confidential information or data of ASB (including customer data) under any circumstances
  • Clickjacking
  • Any physical attempts against ASB property
  • Weak or insecure SSL ciphers and certificates
  • Any attempts of a Denial of Service (DoS)
  • Any activity or attempt to gain unauthorised access to ASB software or systems in violation of law

ASB does not waive any rights or claims with respect to such activities.

Privacy

If you have provided your personal information in your email to us, we may contact you for more information to assist us with investigating your disclosure.
 
For more information about how we handle your personal information, refer to our ASB Privacy Statement.

Recognition

ASB does not compensate individuals or organisations for identifying potential or confirmed security vulnerabilities. We sincerely thank all researchers who have helped keep our customers and communities safe by reporting security vulnerabilities.

Back to top
© ASB Bank Limited Contact us Terms & Conditions Privacy Disclosure Statements Notices
Clear

Did you mean: ?