Read

    Data leak, vulnerability, or abuse of our computer systems? Please report it

    The Tax Authorities strive to ensure the highest possible level of security. We apply the highest level of security to safeguard the information entrusted to us, so that everyone's privacy is and remains guaranteed. However, unsafe situations may still occur despite all our best efforts and due diligence.

    On this page you read more about:

    Reporting malicious and phishing e-mails. Have you received a suspect or malicious e-mail (phishing e-mail)? Go to: Reporting malicious and phishing e-mails.

    Report misuse of our network

    Have you noticed that our software systems (Belastingdienst, Toeslagen, Douane) are being misused, for example, because you have received suspect e-mail or messages? Report this to us on: abuse@belastingdienst.nl (use this e-mail address for this type of report only). Would you like to submit a report securely? Then use our PGP-Key (KeyID: BF65 1830, Fingerprint: 786C 700E FF29 DD28 EB51 161A 9809 B1EF BF65 1830).

    Reporting other security threats

    Would you like to report other urgent security threats, which must be reported immediately in the general interests of, for example, the Belastingdienst, Toeslagen, Douane, the Netherlands and/or the European Union? Then please contact the Security Operations Centre (SOC) of the Tax Authorities as quickly as possible. The SOC is available 7 days a week and 24 hours a day via: soc@belastingdienst.nl (use this e-mail address for this type of report only). Would you like to submit your report securely? Then use our PGP-key (KeyID: CBE4 CCDF, Fingerprint: C228 97B8 920C 6877 F633 516F 8965 A483 CBE4 CCDF).

    For less urgent security threats, please contact the Tax Information Line.

    Please use the e-mail addresses only for the corresponding topics

    The e-mail addresses on this page are only intended to inform us of what you noted and know about the issue indicated for that e-mail address. Are you reporting something else to one of the e-mail addresses on this page? Then your e-mail will not be processed. The message in your e-mail will not be recorded in our records.

    Coordinated Vulnerability Disclosure (CVD)

    If you discover a vulnerability in one of the systems of Belastingdienst, Douane or Toeslagen we would like to know about it. Report the vulnerability before you share it with others so that we can take measures first. This is referred to as 'Coordinated Vulnerability Disclosure' (CVD).

    RFC2350

    RFC2350 is an international standard for Computer Security Incident Response Teams. This standard describes how and for what purpose other CERT organisations can approach the BD-SOC in the event of incidents.

    More information

    Javascript is disabled in this web browser. You must activate Javascript in order to view this website.