Change language:

Vulnerability reporting

Paragraphs

The safety of our customers' information and financial assets is our top priority. If you believe you have found a security vulnerability that could impact SEB or our customers, we encourage you to report this right away. We will investigate all reports and fix the problem as soon as we can.

Please note that discovering vulnerabilities cannot be used as an excuse for conducting any unlawful activities, privacy and confidentiality violations, destruction of data, and interruption or degradation of our services.


What to report?

You can report any doubts you have regarding cyber security, issues, incidents, and details of vulnerabilities that affect security and privacy associated with SEB services and systems.

If you think you have found vulnerability that allows unauthorized access to our customer private information, confidential data or any sensitive bank’s information, please stop further actions and report it to us as soon as possible.


How to report?

Please send email to vulnerability.reporting@seb.lv. Please include the following information, as applicable:

  • detailed description of the vulnerability (include full URL, entry fields, or other objects involved);
  • steps to reproduce the vulnerability (screenshot or video of steps taken);
  • your contact information for how to reach you with follow up questions.

We recommend encrypting email by using our PGP key:

SEB PGP public key


What to expect?

You'll receive an automatic reply from SEB to acknowledge that we received your report, and we’ll contact you if we need more information.

For the protection of our customers, SEB doesn't disclose or confirm security issues until our investigation is complete and any necessary actions taken to remediate it. We will inform you once the flaw will be completely remediated.

We are committed to timely correction of vulnerabilities. Please provide SEB with reasonable time to fix any reported issues, before such information is publicly disclosed.

SEB does not provide any financial reward for reporting vulnerabilities.


Can you report anonymously?

If you like, you can report anonymously.