Security Breach Reporting
As part of our commitment to security and transparency, we have a clear process for vendors and third parties to report security breaches directly to us.
Please follow the instructions below to ensure your report is handled promptly and effectively.
How to Report a Breach
If you become aware of a security breach that affects our organization, please report it to us as soon as possible. Here’s what to do:
- Contact Method: Send your report to our security team at privacy@threekit.com
- Requested Information:
- Description of the Incident: Include details such as the nature of the breach, date and time, and how it was discovered.
- Affected Systems: Identify any systems or data that may be affected.
- Evidence: Attach any initial evidence of the breach (e.g., screenshots, logs) that may help with our investigation.
- Timeframe: We hope that all breaches be reported within 24 hours of discovery to ensure a timely response.
What Happens Next?
After you report a breach, here’s how we handle it:
- Acknowledgment: You will receive an acknowledgment of your report within 24 hours to confirm we have received it and are initiating a review.
- Investigation: Our security team will assess the breach, gather necessary information, and determine the scope of the impact. We may reach out for additional details if needed.
- Confidentiality: Rest assured, all information you provide will be handled confidentially, and we will protect any sensitive data shared with us.
- Follow-Up Communication: As our team investigates, we may provide updates or request further information to aid in our response and resolution process.
- Resolution: Upon completing the investigation, we will take appropriate action to mitigate any risks or vulnerabilities identified. When applicable, we will notify you of the steps taken to resolve the incident.
Frequently Asked Questions
Q: What qualifies as a security breach?
A: A breach includes any unauthorized access, disclosure, or damage to data or systems that could impact our organization or customers.
Q: How soon should I report a breach?
A: Please report any breaches within 24 hours of discovery to ensure a prompt response.
Q: Will I receive feedback on my report?
A: Yes, we will acknowledge your report upon receipt, and you may receive updates or a closing summary based on the outcome of the investigation.
Q: Does Threekit have a Bug Bounty Program?
A: Please note that we do not currently have a bug bounty program. While we greatly appreciate any efforts to improve our security posture, we cannot offer financial rewards for reported vulnerabilities at this time. However, we highly value the cooperation of our vendors and partners in promptly reporting any breaches or security issues.