Read

    Data leak, vulnerability, or abuse of our computer systems? Please report it

    The Tax Authorities strive to ensure the highest possible level of security. We apply the highest level of security to safeguard the information entrusted to us, so that everyone's privacy is and remains guaranteed. However, unsafe situations may still occur despite all our best efforts and due diligence.

    On this page you read more about:

    Reporting malicious and phishing e-mails. Have you received a suspect or malicious e-mail (phishing e-mail)? Go to: Report a suspicious e-mail.

    Report misuse of our network

    Have you noticed that our software systems (Belastingdienst, Toeslagen, Douane) are being misused, for example, because you have received suspect e-mail or messages? Report this to us on: abuse@belastingdienst.nl (use this e-mail address for this type of report only). Would you like to submit a report securely? Then use our PGP-Key (KeyID: 27009733, Fingerprint: 5871 A2A1 1447 84ED 3EC4 DFA9 4C26 A159 2700 9733).

    Reporting other security threats

    Would you like to report other urgent security threats, which must be reported immediately in the general interests of, for example, the Belastingdienst, Toeslagen, Douane, the Netherlands and/or the European Union? Then please contact the Security Operations Centre (SOC) of the Tax Authorities as quickly as possible. The SOC is available 7 days a week and 24 hours a day via: soc@belastingdienst.nl (use this e-mail address for this type of report only). Would you like to submit your report securely? Then use our PGP-key (KeyID: 90A6766B, Fingerprint: 11F4 0AFD CEA3 9024 0C51 24DE C8CC 256E 90A6 766B).

    For less urgent security threats, please contact the Tax Information Line.

    Please use the e-mail addresses only for the corresponding topics

    The e-mail addresses on this page are only intended to inform us of what you noted and know about the issue indicated for that e-mail address. Are you reporting something else to one of the e-mail addresses on this page? Then your e-mail will not be processed. The message in your e-mail will not be recorded in our records.

    Coordinated Vulnerability Disclosure (CVD)

    If you discover a vulnerability in one of the systems of Belastingdienst, Douane or Toeslagen we would like to know about it. Report the vulnerability before you share it with others so that we can take measures first. This is referred to as 'Coordinated Vulnerability Disclosure' (CVD).

    RFC2350

    RFC2350 is an international standard for Computer Security Incident Response Teams. This standard describes how and for what purpose other CERT organisations can approach the BD-SOC in the event of incidents.

    More information

    Javascript is disabled in this web browser. You must activate Javascript in order to view this website.