Privacy & Security·4 min read·Updated 1 January 2025

How AskBiz Responds to Security Incidents

Q: Has AskBiz ever had a data breach?

AskBiz has not experienced a data breach affecting customer data since launch. In the event of any future incident, affected users will be notified directly by email within 72 hours in accordance with our GDPR obligations.

Q: How do I report a security vulnerability I have discovered?

Report vulnerabilities responsibly to security@askbiz.co. Include a description of the vulnerability, steps to reproduce it, and the potential impact. We aim to acknowledge all reports within 24 hours and will credit researchers in our security acknowledgements page for valid reports (with their permission).

AskBiz's process for detecting, containing, and notifying users of security incidents — and what you should do if you suspect your account has been compromised.

How AskBiz detects security incidents#

AskBiz uses several layers of monitoring to detect potential security incidents:

Automated anomaly detection: unusual login patterns (new country, impossible travel, multiple failed attempts) trigger alerts and may lock the account pending verification
Infrastructure monitoring: AWS GuardDuty and CloudTrail monitor for unusual API activity, unauthorised access attempts, and data exfiltration signals
Vulnerability scanning: automated security scans run weekly across AskBiz's codebase and infrastructure
Bug bounty program: security researchers can responsibly disclose vulnerabilities via security@askbiz.co

Penetration testing is conducted annually by an independent security firm.

AskBiz's incident response process#

When a security incident is identified:

1. Containment (within 1 hour): the affected system or access pathway is isolated to prevent further exposure

2. Assessment (within 4 hours): the scope of the incident is determined — what data was potentially accessed, by whom, and for how long

3. Notification (within 72 hours for data breaches): affected users are notified by email with details of what happened, what data was involved, and what actions AskBiz has taken

4. Regulatory notification: the ICO (UK) or relevant supervisory authority is notified within 72 hours where required by GDPR

5. Remediation: the vulnerability is fixed and a post-incident review is conducted

6. Communication update: a follow-up email is sent to affected users once the incident is fully resolved

What to do if you suspect your account is compromised#

If you notice unusual activity on your AskBiz account:

1. Change your password immediately: Settings → Security → Change Password

2. Review active sessions: Settings → Security → Active Sessions — revoke any sessions you do not recognise

3. Enable two-factor authentication if not already active: Settings → Security → Two-Factor Authentication

4. Check your team members list: Settings → Team — verify no unknown users have been added

5. Contact security@askbiz.co with details of the suspicious activity — include your account email and a description of what you noticed

AskBiz's security team will investigate and respond within 4 business hours.

Frequently Asked Questions

Has AskBiz ever had a data breach?

How do I report a security vulnerability I have discovered?

Was this article helpful?

Still stuck? Email our support team.

How AskBiz detects security incidents#

AskBiz's incident response process#

What to do if you suspect your account is compromised#

Frequently Asked Questions

Related Articles