Instructions for Reporting Security Incidents


Submit a Microsoft Excel spreadsheet, or a Microsoft Word document, that has been encrypted using WINZIP 9 with password protection. The submission must include the following information:

  1. Date and time of the incident.
  2. Source of the incident.
  3. Method of detection.
  4. Detail description of the incident.
  5. Why should the incident be of concern.
  6. Corrective actions planned or taken.
  7. Whether taxpayer information was disclosed (Y/N only, do not include taxpayer information).
  8. Number of taxpayers impacted.
  9. Regular business hours contact name, phone number, and e-mail address.
  10. After-hours contact name, phone number, and e-mail address.
  11. Provider’s EFIN.
  12. The name of a Principal or Responsible Official as shown on the e-file application.

Note: This information must be enumerated exactly as above.

Submit the ZIP file and the password to via two separate email messages.

The Subject line of both email messages must show SECURITY INCIDENT.