Report a website vulnerability

A website vulnerability is a weakness that allows an attacker to gain some level of control of a website.


Once found, these vulnerabilities can be exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.

We encourage the public to report website vulnerabilities. If you've found or know of any vulnerabilities to any New Zealand Customs Service website, please complete the form below.

What will Customs do?

  • We'll acknowledge receipt of this form as soon as possible and provide an update within seven (7) working days.
  • We'll assess and validate the reported vulnerability.
  • If requested, you can be notified of the outcome.
  • We'll aim to fix vulnerabilities as quickly as practicable.

Customs will not seek legal recourse for any reported vulnerabilities unless the vulnerability is:

  • Used to change, deface or destroy the website.
  • Used to corrupt or destroy data.
  • Used to access or share any information that does not belong to the reporter.
  • Reported to others so it may be exploited for malicious intent.
  • Used to undertake ‘Denial of Service’ attacks.

Vulnerability reporting

Please provide screenshots of the vulnerability, if possible.