Metlife Responsible Disclosure Policy

At MetLife, we take cybersecurity seriously and value the contributions of the security community at large. The responsible disclosure of potential issues helps MetLife protect the security and privacy of our customers and data.  If you believe you’ve found a security issue in one of our applications, services, products, websites, or systems, please send us a report.

Please include the following details in your report:

• The application, service, product, website, or system involved;
• The type of issue discovered;
• A detailed description of the potential vulnerability, including the steps necessary to reproduce the vulnerability;
• Suggested mitigation or remediation; and
• Perceived impact of the vulnerability.

Please note that this Responsible Disclosure Policy should not be construed as encouragement or permission to perform any of the following activities:

• Hack, penetrate, or otherwise attempt to gain unauthorized access to MetLife applications, systems, or data in violation of applicable law, including federal, state and international law;
• Adversely impact MetLife or the operation of MetLife applications or systems;
• Exploit the vulnerability for personal gain, or to the detriment of MetLife or our customers or employees; or
• Store, share, compromise or destroy MetLife customer data. If Personally Identifiable Information (PII) or other MetLife Confidential Information is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact MetLife. This step protects any potentially vulnerable data, and you.

MetLife does not waive any rights or claims with respect to such activities.

Thank you for helping us keep MetLife customers and data safe!