Data leak, vulnerability, or abuse of our computer systems? Please report it

The Tax Authorities strive to ensure the highest possible level of security. We apply the highest level of security to safeguard the information entrusted to us, so that everyone's privacy is and remains guaranteed. However, unsafe situations may still occur despite all our best efforts and due diligence.

On this page you read more about:

Reporting malicious and phishing e-mails. Have you received a suspect or malicious e-mail (phishing e-mail)? Go to: Reporting malicious and phishing e-mails.

Report misuse of our network

Have you noticed that our software systems (Belastingdienst, Toeslagen, Douane) are being misused, for example, because you have received suspect e-mail or messages? Report this to us on: (use this e-mail address for this type of report only). Would you like to submit a report securely? Then use our PGP-Key (KeyID: 612E 2BB2, Fingerprint: D477 D11E 2819 52B6 5821 C2AD 5C7A 0672 612E 2BB2).

Reporting other security threats

Would you like to report other urgent security threats, which must be reported immediately in the general interests of, for example, the Belastingdienst, Toeslagen, Douane, the Netherlands and/or the European Union? Then please contact the Security Operations Centre (SOC) of the Tax Authorities as quickly as possible. The SOC is available 7 days a week and 24 hours a day via: (use this e-mail address for this type of report only). Would you like to submit your report securely? Then use our PGP-key (KeyID: 6AB9 C707, Fingerprint: FD3F 23BD 6E59 2DF1 47DB 1591 CFFD B589 6AB9 C707).

For less urgent security threats, please contact the Tax Information Line.

Please use the e-mail addresses only for the corresponding topics

The e-mail addresses on this page are only intended to inform us of what you noted and know about the issue indicated for that e-mail address. Are you reporting something else to one of the e-mail addresses on this page? Then your e-mail will not be processed. The message in your e-mail will not be recorded in our records.

Coordinated Vulnerability Disclosure (CVD)

If you discover a vulnerability in one of the systems of Belastingdienst, Douane or Toeslagen we would like to know about it. Report the vulnerability before you share it with others so that we can take measures first. This is referred to as 'Coordinated Vulnerability Disclosure' (CVD).


RFC2350 is an international standard for Computer Security Incident Response Teams. This standard describes how and for what purpose other CERT organisations can approach the BD-SOC in the event of incidents.

More information

Javascript is disabled in this web browser. You must activate Javascript in order to view this website.