The Federal Tax Ombudsman (FTO) has issued a serious warning to the Federal Board of Revenue (FBR), revealing that its IT system has allegedly collapsed and is under the control of cybercriminals. This revelation was made in a detailed order released on Friday, highlighting deep-rooted vulnerabilities that threaten the integrity of the country’s tax data and digital infrastructure. According to the FTO’s findings, cybercriminals have managed to infiltrate the FBR’s system to such an extent that they can operate undetected, manipulating sensitive tax information and executing unauthorized transactions without leaving any digital footprint.
The report described multiple instances of compromised security, pointing to systemic weaknesses that have left FBR’s digital platforms exposed to exploitation. The FTO noted that the system’s flaws include inadequate safeguards against unauthorized access, insufficient data security measures, and the absence of internal alerts to detect unusual activity. It further revealed that the continuous hacking of taxpayer IDs, including the repeated compromise of a complainant’s account each month, reflects serious lapses in system monitoring and password management. Despite numerous attempts to identify those responsible, the issue remains unresolved, suggesting potential insider involvement, particularly among personnel with direct system access from PRAL.
These vulnerabilities have reportedly facilitated unauthorized data manipulation, enabling the creation of fake transactions and fraudulent tax entries. The FTO’s order emphasized that these lapses have resulted in compromised data integrity, weak quantitative reconciliation, and poor oversight in areas such as HS code matching between input and output tax records. It also indicated that some taxpayers may have colluded with officials within FBR and PRAL to exploit these weaknesses, using compromised accounts to generate fake invoices and claim tax benefits. The order called for urgent corrective measures to secure the system and restore its reliability to prevent further exploitation.
In response to these revelations, FBR has been directed to initiate immediate legal proceedings against those benefiting from such fraudulent activities. Chief Commissioners from regional tax offices in Lahore, Karachi, Islamabad, Peshawar, Multan, Gujranwala, Quetta, and Sialkot have been instructed to follow the procedures outlined in Sales Tax General Order No. 12 of 2023, which provides guidelines for handling cases involving fake and flying invoices. The FTO has also directed the Member Operations-IR to issue explanation calls to relevant Commissioners for failing to take adequate legal action in previous cases despite clear instructions. Meanwhile, the Director General I & I-IR has been tasked with intensifying efforts to apprehend key suspects, including Shiraz Ahmed and Niaz Ahmed, and any PRAL officials involved in the ongoing cyber breaches.
The Chief Commissioner Inland Revenue, LTO Karachi, in coordination with the Director General I & I-IR and the Director General IT, has been ordered to ensure immediate action to stop the repeated hacking incidents and restore the affected taxpayer’s access so that normal business operations can continue. FBR has been given 60 days to submit a comprehensive report to the FTO detailing the steps taken to safeguard its digital infrastructure, identify those responsible, and prevent further system compromise. The warning underscores the urgent need for enhanced cybersecurity protocols and stronger internal governance across the government’s digital systems to protect sensitive financial data and maintain public trust.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
