You can report vulnerabilities in our services, such as:
If the vulnerability has a low or accepted risk, Achmea may decide not to give a reward for its disclosure. Examples of these vulnerabilities are listed below:
The absence of one or several of the following HTTP Security Headers:
We would like to ask you to only share the problem with Achmea's experts and to refrain from making it public. In this way, we can keep our clients' data safe. We appreciate it if you give us time to solve the problem.
When you investigate a vulnerability, please do not damage the software. You are not permitted to disclose information to anyone except Achmea. Moreover, it is not allowed to interrupt our services deliberately because you are investigating a problem.
It is possible that you do something which is illegitimate in your investigation. If you are acting in good faith, with due care and in accordance with the rules below, you will not be prosecuted.
We would like to ask you:
If you have reported the problem anonymously, we will be unable to keep you informed. In that case, we will not be able to give you a reward either.
This Responsible Disclosure Scheme is neither meant for lodging complaints, nor must it be used for reporting:
Report a vulnerability by filling in the form at the bottom of the page.
The following brands are covered by this programme:
The following subsidiaries are covered by this programme:
The following initiatives are covered by this programme: