Our Vulnerability Disclosure Program allows security researchers to share their findings directly with us. If you believe you have discovered a security vulnerability in an Ausgrid system, service or product, please report it to us as soon as possible, subject to the rules below.

For the protection of our customers, we treat all information regarding a vulnerability as confidential and ask that you do not publicly disclose, discuss or confirm the details of any suspected security issues.

At Ausgrid, we are committed to ensuring the security and safety of our information, systems and assets.

What is not allowed?

The following types of research are strictly prohibited:

  • Any physical attempts to access Ausgrid assets and property
  • Accessing or attempting to access accounts or data that you are not authorised to access
  • Sharing information about vulnerabilities found with third parties without prior approval from us
  • Any attempt to exfiltrate, modify or destroy any data without prior approval from us
  • Sending or attempting to send unsolicited or unauthorised email, spam or any other form of unsolicited messages
  • Conducting social engineering (including phishing) of Ausgrid employees, contractors, customers or any other related party
  • Posting, transmitting, uploading, linking to, sending or storing malware, viruses or similar harmful software that could impact our services, products, customers, or any other related party
  • Denial of Service (DoS) attacks to disrupt any of our services
  • Clickjacking
  • Weak or insecure SSL ciphers and certificates (unless there are exploitable vulnerabilities associated with them)
  • Any activity that breaches any law

The following people are excluded from the scope of this Program:

  • Employees and officers of Ausgrid and
  • Technology or security contractors engaged by Ausgrid, their employees and any other individuals they directly or indirectly engage for work relating to Ausgrid.

How to report a potential security vulnerability

You can responsibly disclose potential security vulnerabilities to Ausgrid’s Cyber Security team by submitting the form below. We’ll consider and verify the information to enhance the security and safety of our systems.

When reporting a potential security vulnerability, please include as much information as possible, including:

  • Name and contact details (optional)
  • A short description of the vulnerability
  • Date and time the suspected security issue or vulnerability was discovered
  • Details of the systems that are affected by the vulnerability
  • A detailed description of the vulnerability and security impact
  • Step-by-step instructions to reproduce the vulnerability (how could an attacker exploit it?)
  • Any suggestions you have on how to fix the vulnerability

Any personal information you provide will be managed in accordance with Ausgrid’s Privacy Policy.

Alternatively, you may choose to remain anonymous or provide a pseudonym.

Vulnerability Disclosure Form

Please report any potential security vulnerabilities to Ausgrid’s Cyber Security team using the form below. 

Thank you for your submission. We will investigate the issue and may contact you.

For urgent matters, please call 13 13 65.

Please note: code examples cannot be pasted into this form.