Data leak, vulnerability, or abuse of our computer systems? Please report it
The Tax Authorities strive to ensure the highest possible level of security. We apply the highest level of security to safeguard the information entrusted to us, so that everyone's privacy is and remains guaranteed. However, unsafe situations may still occur despite all our best efforts and due diligence.
On this page you read more about:
- Report misuse of our network
- Reporting other security threats
- Coordinated Vulnerability Disclosure (CVD) (Rules for reporting vulnerabilities in our automation systems)
Reporting malicious and phishing e-mails. Have you received a suspect or malicious e-mail (phishing e-mail)? Go to: Reporting malicious and phishing e-mails.
Have you noticed that our software systems (Belastingdienst, Toeslagen, Douane) are being misused, for example, because you have received suspect e-mail or messages? Report this to us on: firstname.lastname@example.org (use this e-mail address for this type of report only). Would you like to submit a report securely? Then use our PGP-Key (KeyID: 60131A93, Fingerprint: E979 8325 8C9A DD04 36E3 3F78 E2FE 2311 6013 1A93).
Would you like to report other urgent security threats, which must be reported immediately in the general interests of, for example, the Belastingdienst, Toeslagen, Douane, the Netherlands and/or the European Union? Then please contact the Security Operations Centre (SOC) of the Tax Authorities as quickly as possible. The SOC is available 7 days a week and 24 hours a day via: email@example.com (use this e-mail address for this type of report only). Would you like to submit your report securely? Then use our PGP-key (KeyID: EE68447C, Fingerprint: 93E2 F67F 0DDD 1D05 17E6 19DF 376A 25C4 EE68 447C).
For less urgent security threats, please contact the Tax Information Line.
Please use the e-mail addresses only for the corresponding topics
The e-mail addresses on this page are only intended to inform us of what you noted and know about the issue indicated for that e-mail address. Are you reporting something else to one of the e-mail addresses on this page? Then your e-mail will not be processed. The message in your e-mail will not be recorded in our records.
If you discover a vulnerability in one of the systems of Belastingdienst, Douane or Toeslagen we would like to know about it. Report the vulnerability before you share it with others so that we can take measures first. This is referred to as 'Coordinated Vulnerability Disclosure' (CVD).