Background Photo

Light & Wonder, Inc. (L&W) places the highest priority on maintaining and improving the security of our systems and infrastructure. However, despite our best efforts, vulnerabilities can still exist. This Statement sets out how you can help us to protect all our clients and systems, by safely and securely reporting any vulnerabilities identified within our software, hardware, or source code.

How to report a vulnerability

If you identify a vulnerability, we would be grateful if you could report it as soon as possible to securityreporting@lnw.com.  

When reporting, please:

  • Include as much information as you can, including the nature of the vulnerability, how you identified it and its impact.
  • If you can, include the IP address, URL and/or source path of the location of the vulnerability.
  • Delete all data obtained while identifying the vulnerability immediately and securely upon making your report.

Please DO NOT:

  • Report the vulnerability to any party other than reporting it via e-mail to L&W at securityreporting@lnw.com.  
  • Report or post about the vulnerability on any social media or other channels.
  • Exploit, copy, use or access the vulnerability except where strictly necessary to report its presence.
  • Take any action that might violate any applicable laws or agreements, including those related to privacy, personal data and/or confidentiality, or cause an impact to the operating of the system.
  • Use the Security Reporting email address for any purpose other than reporting vulnerabilities that are impacting, or have the potential to impact,  our systems or infrastructure.

If in doubt, please direct any questions to securityreporting@lnw.com

How we will deal with your report:

L&W will respond to you as soon as possible with an assessment of the issue and an anticipated date of resolving it (if applicable). We will try to keep you updated on our progress in working toward resolving the vulnerability.

Your report will be treated in the strictest confidence and no personal details will be shared with any third party without your consent, except as otherwise required by law.

Please note: L&W does not offer any form of financial compensation for reporting vulnerabilities.