How to Report a Security Incident or Vulnerability
Security incidents require a different response from standard support issues. Speed, confidentiality, and proper handling are critical. This article explains how to report and what happens next.
Types of Security Incidents
- Unauthorised access to your system or data
- Suspected data breach (personal data exposed or stolen)
- Ransomware or malware infection on systems we manage
- Discovered vulnerability in your production system
- Phishing or social engineering attack targeting users of your system
- Suspicious activity in logs or monitoring alerts
How to Report
- Do not discuss details in open channels — do not post in public Slack channels, email without encryption, or share on social media
- Call your PM or support line immediately for any active breach or suspected breach
- Raise a P1 support ticket in the portal with subject "SECURITY INCIDENT" — our team is trained to handle these with urgency and confidentiality
- Preserve evidence: Do not delete logs, emails, or system states that might be relevant — evidence is critical for investigation
What Happens After You Report
- Our security response team is engaged immediately
- We will contain the incident (isolate affected systems if needed)
- We will investigate the root cause
- We will communicate with you through a secure channel throughout
- If personal data has been breached, we will advise on your GDPR notification obligations (72-hour notification to ICO)
- We will provide a written incident report post-resolution
Vulnerability Disclosure
If you discover a vulnerability (not an active attack), report it confidentially to your Account Manager. We take responsible disclosure seriously and will investigate and remediate without penalising the reporter.