Details

Why Proximus believes in Responsible Disclosure

Proximus is continuously working on improving the performance and security of its networks and IT systems. The privacy of our customers’ data is hereby respected at all times. Despite all the measures, a security vulnerability may occur in one of our systems or networks. Have you discovered such a security issue or found evidence of it, let us know. We would like to collaborate with you to solve this problem as quickly as possible.

Some agreements

To prevent any kind of abuse by others of the potential vulnerability, we ask you to always respect the following guidelines of our Responsible Disclosure policy when sending a notification :

Report your findings to the Proximus Cyber Security Incident Response Team (CSIRT) only by using the form report a security problem. You can send this in 3 languages: Dutch, French or English.
If it concerns sensitive information and you wish therefore to send your message encrypted, please use the Key ID of PXS-CSIRT and send an e-mail to [email protected].

Key ID : 5D0B022A7CFBC5B3 Length : 2.048 Fingerprint: 8671 CBF3 C010 E4F0 676A 9CD7 5D0B 022A 7CFB C5B3

You prefer to stay anonymous? No problem, but we ask you nonetheless to mention an anonymous mailbox (gmail, hotmail, yahoo, etc.), so we can contact you for additional questions or feedback.
Be complete and provide detailed information of the security issue (a clear description including IP addresses, log entries, visited pages and URLs, screenshots, how to recreate the problem, etc), so we can investigate it thoroughly.
Don’t use any automatic scanners and do not change any data or system settings. Please ensure that any research you perform should not harm the operational performance of our systems. DDoS or social engineering attacks, installation of malware or viruses, password theft, fraud, phishing e-mails, spam, etc. will be considered as an offense and be transmitted to the judicial authorities.
Do not misuse the encountered security problem and do not share concerning information with the media or other channels before or after it has been restored. Possible publications are only under explicit agreement and in collaboration with Proximus. Should this however happen, we will be forced to inform the judicial authorities.

What can you test?

Suspected security vulnerabilities that can be misused for illegal purposes and which occur:

On our sites (www.proximus.com; www.proximus.be; www.scarlet.be; www.tango.lu; www.bics.com; www.telindus.com & www.skynet.be)
Within our products and services, IT-systems and networks

What can you expect from Proximus?

Proximus appreciates your help in optimizing the security of its systems and networks. That's why we will do our utmost to have all contacts in a fair and respectful way:

If you report us a security problem, we will get in touch with you within 2 working days. It goes without saying that we can reach you via the e-mail address or other contact information you left behind. We also keep you informed of further developments.

Why Proximus believes in Responsible Disclosure

Some agreements

To prevent any kind of abuse by others of the potential vulnerability, we ask you to always respect the following guidelines of our Responsible Disclosure policy when sending a notification :

Report your findings to the Proximus Cyber Security Incident Response Team (CSIRT) only by using the form report a security problem. You can send this in 3 languages: Dutch, French or English.

If it concerns sensitive information and you wish therefore to send your message encrypted, please use the Key ID of PXS-CSIRT and send an e-mail to [email protected].

Key ID : 5D0B022A7CFBC5B3 Length : 2.048 Fingerprint: 8671 CBF3 C010 E4F0 676A 9CD7 5D0B 022A 7CFB C5B3

You prefer to stay anonymous? No problem, but we ask you nonetheless to mention an anonymous mailbox (gmail, hotmail, yahoo, etc.), so we can contact you for additional questions or feedback.

Be complete and provide detailed information of the security issue (a clear description including IP addresses, log entries, visited pages and URLs, screenshots, how to recreate the problem, etc), so we can investigate it thoroughly.

Don’t use any automatic scanners and do not change any data or system settings. Please ensure that any research you perform should not harm the operational performance of our systems. DDoS or social engineering attacks, installation of malware or viruses, password theft, fraud, phishing e-mails, spam, etc. will be considered as an offense and be transmitted to the judicial authorities.

Do not misuse the encountered security problem and do not share concerning information with the media or other channels before or after it has been restored. Possible publications are only under explicit agreement and in collaboration with Proximus. Should this however happen, we will be forced to inform the judicial authorities.

What can you expect from Proximus?

Proximus appreciates your help in optimizing the security of its systems and networks. That's why we will do our utmost to have all contacts in a fair and respectful way: