Skip to main content

Vulnerability Disclosure Program

Help keep RACV safe by reporting security vulnerabilities

What is a security vulnerability?
Report a vulnerability
Next steps

Thank you for contacting us

Your reference number is

We'll contact you within 72 hours and may ask for this reference number.

Keeping our members and customers safe

Cyber safety is important to us. We've partnered with Bugcrowd, a crowdsourced security platform, so that dedicated researchers can help us find and minimise the impact of any security vulnerabilities as quickly as possible.

What is a security vulnerability?

A security vulnerability is a weakness or flaw in a service or system that could allow an attacker to compromise a secure network.

Common examples include:

  • broken access control, where unauthorised users can access, modify or delete data they shouldn't have access to
  • broken authentication, where attackers impersonate other users by compromising their login credentials and hijacking user sessions
  • injection, where attackers inject malicious code into a website to try and gain access to data or to target users.

Security vulnerabilities are system-wide and can affect many people. If you're concerned about suspicious activity in your own RACV account, you don't need to report a vulnerability. Instead, call our team from 7am to 11pm on 13 72 28.

Found a security vulnerability?

What we need to know

Include the following in your report:

  • the affected webpage or platform, including the URL
  • your name and contact details (or choose to remain anonymous)
  • the date, time and time zone of when you found the vulnerability
  • the IP address used when you found the vulnerability
  • steps to recreate the vulnerability
  • the potential impact of the vulnerability.

Report in Bugcrowd

Thank you for helping us keep RACV safe.

If you believe you've found a vulnerability, you can report it via Bugcrowd. We ask that you keep any vulnerabilities you find confidential to help protect our members and customers.

Submit a report

  • You'll get an automated response

    When you report via Bugcrowd, you'll get an automated response letting you know we've received your report.

  • We'll review your report

    We'll use the information you've provided us to assess the potential vulnerability.

  • We may contact you

    If you've included your contact details in your report, we may contact you via Bugcrowd's portal if we have any further questions.

  • We'll fix the vulnerability

    Our team will work to correct the vulnerability as quickly as possible to make impacted areas secure.