Reporting Security Issues

Information Security At Illumina

At Illumina, the security of our employees, our customers, and genomic and personal data is our priority. We are committed to investigating all reported security issues. If you suspect a vulnerability or breach, let us know immediately.

Reporting Security Issues

To report a security concern or suspected vulnerability, email security@illumina.com. Security threats can include:

  • Website security issues affecting www.illumina.com
  • Instrument security concerns
  • Software security vulnerabilities affecting BaseSpace Sequence Hub, BaseSpace Clarity LIMS, or BaseSpace Variant Interpreter

We strive to address and respond to each reported issue as quickly as possible. To help us meet this goal, we ask you to include any relevant supporting documentation with your report. All information you provide will remain confidential and will not be shared without your permission. After you submit a report, we’ll confirm receipt and provide status updates as we investigate the issue.

How We Evaluate Security Issues

We evaluate and classify security issues using the industry-standard Common Vulnerability Scoring System (CVSS). It helps us contextualize the risk and make an informed decision about how to respond.

After you submit a report, we will determine whether the security vulnerability poses a significant risk. If needed, we will contact you for further information. After the investigation is complete, we’ll communicate the results and our plan to resolve the threat and notify the public. If we are unable to validate the reported issue, we will notify you.

If the vulnerability or security breach involves a third-party product (such as an application in BaseSpace Sequence Hub), we will inform the third party.

Notifying the Public

If a security threat requires public notification, we will coordinate an announcement with you. We ask that you do not share any information related to a vulnerability or security breach with the public, including via social media, until we have investigated and addressed it. We also ask you to refrain from sharing any customer data.