Responsible Disclosure

At TomTom, we are thrilled to collaborate with talented researchers from around the world. We believe in fostering a community that promotes cybersecurity and values the contributions of ethical hackers.

Our private bug bounty program, in partnership with HackerOne, aims to enhance the security of our systems and protect our users’ data. We understand the importance of constant vigilance and value the expertise of security researchers like you.

If you discover any major vulnerabilities or potential weaknesses in our infrastructure, we encourage you to submit your findings for review. Please send the finding to security@tomtom.com. Our team will promptly evaluate your submission and take appropriate measures to address any identified issues.

Please note

  • Avoid excessive data downloading or unauthorised data modification to demonstrate the vulnerability;

  • Refrain from deleting or modifying other people’s data;

  • Keep the identified problem confidential until it has been fully resolved;

  • Do not reveal the problem to others before it has been addressed;

  • Avoid using attacks on physical security, social engineering, distributed denial of service (DDoS), or spam activities;

  • Do not engage in any attempts to compromise or attack TomTom personnel;

  • Refrain from attempting to compromise third-party applications, systems, or products unrelated to our program;

  • Emphasise the importance of maintaining confidentiality until the identified problem has been fully resolved;

  • Do not engage in any attempts to compromise or attack TomTom personnel;


Please do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the organization.

We appreciate your dedication and expertise in keeping our systems safe for everyone.