Responsible Disclosure Policy

OakNorth considers the protection of customer data a significant responsibility as we want to provide our customers with a remarkable experience across every stage of their journey with us. We therefore take the security of our systems extremely seriously, and we genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems secure. We also welcome reports on security vulnerabilities that may provide a potential attacker with the ability to compromise the integrity, availability, or confidentiality of OakNorth products, services, or information technology infrastructure, and that meet our submission guidelines.

The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users. If you discover a vulnerability, we would appreciate hearing from you in accordance with this Policy so we can resolve the issue as soon as possible.

If you wish to submit a vulnerability, please do so using the HackerOne platform by visiting To ensure that any disclosures are made responsibly, and are not treated as an attack or extortion, please follow the terms mentioned on this page. This page includes the details of the scope and programme rules for submission.

What you can expect from us:

  1. We will work with you to understand and resolve the issue in an effort to increase the protection of our customers and systems;
  2. When you follow the guidelines that are laid out on the HackerOne platform, we will not pursue or support any legal action related to your research;
  3. We will respond to your report within two business days of submission, provided the submission reports are relevant and actionable.