Report an IT security issue

At BNG bank, we consider the security of our systems and data to be of paramount importance. Despite our diligence, vulnerabilities may still exist.

If you have discovered a security issue, please report it to us as soon as possible so that we can take appropriate measures.

How can you report a vulnerability?

The BNG security team can be reached by email at: responsibledisclosure@bngbank.nl.

Please include the following in your message

• A clear description of the problem.
• The steps needed to reproduce the problem.
• Any relevant technical details (such as URLs, screenshots, or code examples).

What we ask of you

• Do not abuse the vulnerability or use any access gained to systems or data.
• Do not share the information with third parties until the problem has been resolved.
• Do not use social engineering, DDoS attacks, brute force, or physical intrusions.
• Limit any damage and do not modify or delete any data.

What you can expect from us

• We will respond to your report within 5 business days.
• We will assess your report and, where possible, keep you informed of the progress and the final solution.
• We will always treat your report confidentially. We will not share your personal data with third parties without your consent, unless required to do so by law.
• Have you complied with the above conditions? Then we will not take legal action against you in relation to the report.

Fake emails (phishing)

Have you received an email that appears to be from BNG bank, but which you do not trust? Forward it unchanged to valse-mail@bngbank.nl.

Our Security team will carefully investigate every report. Do not open any attachments, do not click on any links, and only delete the email after you have forwarded it.

Reporting cyber (related) incidents to BNG-CERT

To report cyber and other IT-related incidents, you can use the email address of BNG-CERT: bng-cert@bngbank.nl

Contact details and secure communication

Address details  

BNG Bank N.V.  
Attn:  BNG-CERT  
Postbus 30305  
2500 GH The Hague, Netherlands

Telephone

BNG-CERT is available from 8:00 a.m. to 6:00 p.m (GMT+1). on +44 1736 802 045 (PagerDuty). Support outside these hours is currently provided on a best-effort basis.  

Email

For communication about sensitive or confidential information, we use encryption (such as PGP keys) and apply the guidelines laid down in the CERT policy (e.g. based on RFC2350) to ensure that your report is treated securely.  The public PGP annual key is published on several known PGP Keyservers and on this website. You can download it for secure communication with BNG-CERT. PGP details:

• Version: 1.2
• Datum last update: 13-06-2025
• Datum last review: 28-02-2025
• RFC2350
• BNG-CERT PGP Publieke Jaarsleutel 2025

Thank you for your help in improving the security of BNG bank!