date 2025-10-25

ISLAMABAD: The Federal Tax Ombudsman (FTO) has made a shocking revelation that the Federal Board of Revenue’s (FBR’s) whole IT system has collapsed and is under the complete control of cybercriminals.

The cybercriminals can do anything with the FBR IT system, the FTO order concluded.

The complaint was filed in terms of Section 10(1) of the Federal Tax Ombudsman Ordinance, 2000 (FTO Ordinance) initially against the illegal suspension of sales tax registration (STRN). Later on, additional grounds of complaint were filed against frequent hacking/unauthorized access to password, ID and filing of returns/revised returns, deletion of original invoices, insertion of fake sales tax invoices, etc.

According to an order issued by the FTO on Friday, there are security vulnerabilities whereby the system is susceptible to data manipulation, backdoor entries, and unauthorized transactions. It appears that the whole IT system has collapsed and is under the complete control of cybercriminals who can do whatever they want without any trail or risk of being caught. These are very serious issues which must be tackled immediately for the survival of the FBR IT structure.

The FTO’s order disclosed that despite extraordinary efforts to apprehend the real culprits involved in the change of ID & password by the complainant every month, the misuse of the ID & password of the complainant did not stop, and it continued every month, the latest in the tax period of July 2025. Therefore, the involvement of insiders who have direct access to the system, especially from the PRAL, cannot be ruled out.

The repeated hacking of the password ID of the same taxpayer also reflects on the quality of security & sanctity of the data and the whole IT system. The critical system weaknesses include data integrity, inadequate data security, weak internal controls, and insufficient safeguards against tax fraud.

The inadequate system controls include the manipulation of data, a lack of system alerts for unusual activity, inadequate HS code matching between input & output tax, quantitative reconciliation, and unauthorized changes in the taxpayers’ profiles to facilitate the creation of fake transactions.

In addition, there has been potential collusion between taxpayers and FBR/PRAL employees to exploit the vulnerabilities of the system, the FTO order added.

Copyright Business Recorder, 2025