Data leak, vulnerability, or abuse of our computer systems? Please report it
The Tax Authorities strive to ensure the highest possible level of security. We apply the highest level of security to safeguard the information entrusted to us, so that everyone's privacy is and remains guaranteed. However, unsafe situations may still occur despite all our best efforts and due diligence.
On this page you read more about:
- Report misuse of our network
- Reporting other security threats
- Coordinated Vulnerability Disclosure (CVD) (Rules for reporting vulnerabilities in our automation systems)
Reporting malicious and phishing e-mails. Have you received a suspect or malicious e-mail (phishing e-mail)? Go to: Reporting malicious and phishing e-mails.
Report misuse of our network
Have you noticed that our software systems (Belastingdienst, Toeslagen, Douane) are being misused, for example, because you have received suspect e-mail or messages? Report this to us on: email@example.com (use this e-mail address for this type of report only). Would you like to submit a report securely? Then use our PGP-Key (KeyID: 393e9250, Fingerprint: db96 f4e6 8ce7 f68e 1d6b a76c 73ec 6759 393e 9250).
Reporting other security threats
Would you like to report other urgent security threats, which must be reported immediately in the general interests of, for example, the Belastingdienst, Toeslagen, Douane, the Netherlands and/or the European Union? Then please contact the Security Operations Centre (SOC) of the Tax Authorities as quickly as possible. The SOC is available 7 days a week and 24 hours a day via: firstname.lastname@example.org (use this e-mail address for this type of report only). Would you like to submit your report securely? Then use our PGP-key (KeyID: 4319e7e8, Fingerprint: 3d5d 4604 9565 cfe6 1f19 e69b eb00 26f4 4319 e7e8).
For less urgent security threats, please contact the Tax Information Line.
Please use the e-mail addresses only for the corresponding topics
The e-mail addresses on this page are only intended to inform us of what you noted and know about the issue indicated for that e-mail address. Are you reporting something else to one of the e-mail addresses on this page? Then your e-mail will not be processed. The message in your e-mail will not be recorded in our records.
Coordinated Vulnerability Disclosure (CVD)
If you discover a vulnerability in one of the systems of Belastingdienst, Douane or Toeslagen we would like to know about it. Report the vulnerability before you share it with others so that we can take measures first. This is referred to as 'Coordinated Vulnerability Disclosure' (CVD).
- Read more on the page 'Coordinated Vulnerability Disclosure'
- For more information on safe internet for citizens and SMEs, please visit the website of the Digital Trust Center
- Also read more about using the internet safely on National Cyber Security Centre (NCSC), part of the Ministry of Justice and Security