
Vulnerability Disclosure Program Policy 


The safety and security of our customers’ data, and the reliability of our products and services, are of utmost importance to PT Bank CIMB Niaga (“CIMB NIAGA”). Therefore, we aim to design and make products and services with the highest levels of security and reliability. Despite our best efforts, due to the highly complex and sophisticated nature of our products and services, vulnerabilities and errors may still be present in them.

This policy describes CIMB Niaga's approach to requesting and receiving reports related to potential vulnerabilities and errors in our products and services from those who interact with such products and services.

We welcome responsible reports on security issues that help us reduce risks and strengthen our environment. Customers, users, researchers, partners and any other person that interacts with CIMB Niaga products and services are encouraged to report identified vulnerabilities and errors with such products and services.

Please submit vulnerability reports using the form on this page.

Please note that supplying your contact information with your report is entirely voluntary and at your discretion. You can be assured that CIMB NIAGA will only use such information to clarify the details of your report with you, if necessary. To learn more about our general privacy policy, please visit: https://www.cimbniaga.co.id/id/tentang-kami/pemberitahuan-privasi.

We truly appreciate your time and effort in helping us improve our security. Please note that this VDP is not a bug bounty program. While we value all responsible reports, CIMB NIAGA does not offer financial rewards or guarantee compensation. Response and remediation timelines may vary depending on the nature and severity of the report.

By making a report to CIMB NIAGA using the form on this page, or otherwise communicating a report to CIMB NIAGA, regarding vulnerabilities and errors, you agree to the following terms:

CIMB NIAGA may use your report for any purpose deemed relevant by CIMB NIAGA, including without limitation, for the purpose of correcting any vulnerabilities and errors that are reported and that CIMB NIAGA deems to exist and to require correction. To the extent that you propose any changes and/or improvements to a CIMB NIAGA product or service in your report, you assign to CIMB NIAGA all use and ownership rights to such proposals.

You confirm to CIMB NIAGA that:

  • You have conducted testing in a responsible, non-destructive, and non-exploitative manner. 
  • You have not exploited the vulnerability beyond what is necessary to demonstrate its existence (limited to the purposes of reporting to CIMB NIAGA);
  • You have not engaged, and will not engage, in testing/research of systems with the intention of harming CIMB NIAGA, its customers, employees, partners or suppliers;
  • You have not used, misused, deleted, altered or destroyed, and will not use, misuse, delete, alter or destroy, any data (including personal and/or confidential data) that you have accessed or may be able to access in relation to the vulnerability and/or error discovered;
  • You will stop testing immediately if you encounter unintended access to data or an impact on system functionality.
  • You will not conduct any activities that threaten CIMB Niaga's security or operations, including but not limited to social engineering, phishing, denial-of-service, malware, unauthorized data access, or resource exhaustion.
  • You confirm that your report is provided in good faith without any threat of public disclosure, demand for payment, or attempt to use the findings as leverage for any form of compensation or benefit.
  • You have not tested, and will not test, the physical security of any property or building of CIMB NIAGA;
  • You have not breached, and will not breach, any applicable laws in connection with your report and your interaction with the CIMB NIAGA product or service that led to your report.
  • You will maintain strict confidentiality and not disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that vulnerabilities and/or errors have been reported to CIMB NIAGA.
  • You agree not to collect, store or share/disclose any data you have accessed or may access in connection with any discovered vulnerabilities and/or errors to any third party;
  • You agree that you are making your report without any expectation or requirement of reward or other benefit, financial or otherwise, for making such report, and without any expectation or requirement that the vulnerabilities and/or errors reported are corrected by CIMB NIAGA.
     
