IRS Logo
Print - Click this link to Print this page

Instructions for Reporting Web site Security Incidents (updated 10-02-08)

Submit a Microsoft Excel spreadsheet, or a Microsoft Word document, that has been encrypted using WINZIP 9 with password protection. The submission must include the following information:

  1. Date and time of the incident
  2. Source of the incident
  3. Method of detection
  4. Detail description of the incident
  5. Why should the incident be of concern
  6. Corrective actions planned or taken
  7. Whether taxpayer information was disclosed (Y/N only, do not include taxpayer information)
  8. Number of taxpayers inpacted
  9. Regular business hours contact name, phone number, and e-mail address;
  10. After-hours contact name, phone number, and e-mail address
  11. Provider’s EFIN and
  12. The name of a Principal or Responsible Official as shown on the e-file application.

NOTE: This information must be enumerated exactly as above.

Submit the ZIP file and the password to new.efile.requirements@irs.gov via two separate e-mail messages.

The Subject line of both e-mail messages must show “SECURITY INCIDENT.”

Page Last Reviewed or Updated: 08-Apr-2014