This template is provided for Atlassian Marketplace Partners who have become aware of a security incident relating to an app (whether or not end user data has been compromised) and are looking to communicate information about it to their customers. This template provides guidance as to the matters that should ideally be covered in an incident notification involving a Marketplace app. Note that this template is not for communications concerning security vulnerabilities. For communicating information about a security vulnerability to your customers, please refer to the vulnerability notification template provided for that purpose.
You will need the following information to complete this template:
|The name of your Marketplace app.
|Nature of incident
A concise description of what the identified incident is and its potential impact in 2-3 sentences. In cases where end user data has been leaked, also provide an indication of the extent of the data exposure and type(s) of data affected.
The following template provides guidance as to how your communications with customers should look, including content that needs to be covered. Sections in [brackets] will need to be customised or removed based on the circumstances of your specific case.
We are writing to inform you of a security incident that was recently identified relating to the [Marketplace app name].
This means that [nature and period of incident].
The incident was [identified/brought to our notice] by [identification source and when]. Once we became aware of the issue, we [investigation details]. Based on what we found, [remediation actions] was done to rectify the issue.
Based on our investigations, this incident [has led to the following impacts / is not likely to have had any impacts on you)].
[steps customer needs to take, if applicable].
We want you to know that we take this issue very seriously. Please accept our sincere apologies for any inconvenience this may have caused. We are conducting a thorough review of our internal processes to ensure this does not occur again for you or other customers.
If you have any questions, please feel free to raise a support request at support.atlassian.com referencing [ticket number].
[Marketplace Partner name]
Rate this page: