alorica

Please enter three or more characters.

Bug Bounty Program - Reporting Security Vulnerabilities

 

At Alorica we want to provide our customers with technology and services that deliver Tech-enabled experiences across every touch point. We want to do that in a way that protects our customers and partners from the wide variety of cyber security threats that exist.
With that in mind Alorica Inc. invites security professionals from all backgrounds to assess our public facing defenses with an objective & professional eye in order to discover potential vulnerabilities and help us to continually improve the security of our platform.
Our public bug bounty program is managed through BugCrowd. Please report any security vulnerabilities through our BugCrowd page. The bug bounty program and its rewards are applicable only to security vulnerabilities.

 

 

Ethical Vulnerability Disclosure Policy

 

Introduction

At Alorica, we are committed to safeguarding the security and privacy of our systems, data, and services. Despite our best efforts, vulnerabilities may still exist. We welcome responsible security researchers and ethical hackers to report potential vulnerabilities to us in a constructive, lawful, and ethical manner.

This policy outlines how to report security issues to us and the conditions under which we engage with such disclosures.

Scope

This policy applies only to:

  • Publicly accessible systems and services hosted on the alorica.com domain

This policy does not apply to:

  • Social engineering attacks (e.g., phishing, vishing)
  • Physical security vulnerabilities
  • Third-party services or software not under Alorica’s control
Guidelines for Responsible Disclosure

We ask that you:

  • Act in good faith and avoid privacy violations, service disruption, or data destruction
  • Do not access, modify, store, or delete data without authorization
  • Avoid using automated tools that generate excessive traffic or system load
  • Provide sufficient detail for Alorica to verify and reproduce the vulnerability
  • Do not publicly disclose any vulnerability without Alorica’s written consent
  • Follow all applicable laws and avoid actions that could cause harm
How to Report a Vulnerability

To report a potential security vulnerability, please contact us at: [email protected]

Include the following details in your report:

  • A concise and clear description of the vulnerability
  • Step-by-step instructions or proof-of-concept code
  • The affected system or URL
  • The potential impact of the issue
  • Your contact information (optional if you wish to remain anonymous)
Alorica’s Commitment

If you report a vulnerability in accordance with this policy, Alorica commits to:

  • Acknowledge receipt of your report within 5 business days
  • Work with you to understand and resolve the issue promptly
  • Treat your report as confidential
  • Not pursue legal action if you act in good faith and comply with this policy
Exclusions and Non-Compliance

The following actions fall outside the scope of this policy and may be subject to legal action:

  • Unauthorized data access or exfiltration
  • Use of vulnerabilities to compromise, extort, or disrupt services
  • Disclosure of vulnerabilities without prior coordination with Alorica
Safe Harbor

If your actions are lawful and follow this policy in good faith:

  • Alorica considers your activities to be authorized
  • Alorica will not initiate legal action against you

 

Last updated: July 22, 2025
For more information, please visit www.alorica.com

Alorica Inc. (“Alorica”) is the holding company of various direct and indirect subsidiaries, including Systems & Services Technologies, Inc. (SST), NMLS 950746. Many of Alorica Inc.’s subsidiaries operate under the brand, Alorica, but all remain separate legal entities.

Contact