Please immediately email security@lotterywest.wa.gov.au outlining:

a) A brief description of the security vulnerability identified;

b) When and how the security vulnerability was identified;

c) The system(s) affected, including the website, domain, IP or page where the security vulnerability was found;

d) The names of any files that were uploaded to Lotterywest systems;

e) The names of any test accounts you have created (where applicable);

f) Any suggestions you have on how to address the security vulnerability;

g) Your contact details, which we will keep confidential (unless otherwise required by law or regulator); and

h) Any other relevant information.

For further information please read our Vulnerability Disclosure Policy.