Skip to main content
Eurostar
Help
Book

Responsible Disclosure

Responsible Disclosure Policy

We want to ensure people are able to quickly contact us with security concerns or information related to privacy or the confidentiality, integrity or availability of our systems. We value and appreciate responsible disclosures that support user privacy and security, and the purpose of this responsible disclosure policy is to enable security professionals and others to alert us in a quick and easy way.

Examples of when you might want to contact us include:

  • vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data or our customers' data
  • "copycat" applications or phishing attacks
  • activity, discussion or data in any public forum which you believe constitutes a threat to Eurostar or our customers


How to contact us
Please send us an email at security@eurostar.com.

In your email, please include:

  • a clear description of the issue (logs, screenshots, responses)
  • any platforms, operating systems, versions that are relevant
  • any relevant IP addresses or URLs
  • any supporting evidence you have collected (logging, tracing etc.)
  • your assessment of the impact of the issue
  • your suggestion to combat the issue


Please keep relevant evidence as we may need it.


Responsibilities
To enable us to treat communications as responsible disclosures:

  • Do be specific
  • Do not put any Eurostar or customer data at risk
  • Do provide sufficient detail
  • Do reference existing vulnerability information where relevant

We reserve the right to deal appropriately with attack and extortion attempts.

How we will respond
If we believe an issue has been reported as a responsible disclosure in line with this policy, we will deal with the matter promptly.

We may need to send you a reply with follow up questions if needed.

We discourage and will not respond to:

  • reports of generic vulnerabilities with no evidence of relevance to our systems
  • reports of any information already in the public domain
  • reports that are vague or non-actionable
  • reports that are not in line with this policy


Financial rewards
We do not offer financial rewards.


Confidentiality
You must treat as confidential all information about our systems, staff or customers that you become aware of. We will treat your information in the same way.

Special thanks
Eurostar would like to thank everybody who contributed to make this website as secure as possible through their contributions. A special thank you to Naveen Kumawat for his contribution on DNS security and Oussama Kasmi for his contribution on web application security.

Ready to book?

Frequent or Premium Pass

Please log in to use your subscription pass.

RegisterForgotten your password?

Verify it's you

To complete your registration, enter the 6-digit security code we've sent to

Didn't get the code?

Please check your spam/junk folder

Top routes

Sign up to our newsletter

Download our app

Download on the App StoreGet it on Google Play

Feedback

Help us improve our website

View all our fares, fees, and conditions.

Eurostar International Limited is an Appointed Representative of AWP Assistance UK Limited (trading as Allianz Global Assistance) which is authorised and regulated by the Financial Conduct Authority (FCA). AWP Assistance UK Limited FCA registration number is 311909. FCA authorisation can be checked on the FCA register at https://www.fsa.gov.uk/register/ | E-mail: Insurance@allianz-assistance.co.uk

© 2024 Eurostar International Ltd. All Rights Reserved