- Advertisement -
ISLAMABAD, Oct 28 (APP):The Federal Board of Revenue (FBR) here on Tuesday categorically refuted reports circulating in print and electronic media outlets regarding the alleged vulnerability of FBR’s IT system, wrongly claiming that the entire system has collapsed and is under the complete control of cybercriminals.
“FBR categorically denies such reports and the incorrect interpretation of the order issued by the Federal Tax Ombudsman,” said FBR press release issued here.
To set the record straight and inform the general public, the board clarified that in the cited case, the password of the complainant was in the custody of the taxpayer, and the misuse of that password occurred due to a security lapse on the part of the taxpayer, not the IT system of FBR.
The password was misused while in the possession of the taxpayer, and not obtained from the FBR database. It is also pertinent to mention that the discrepancy was first detected by FBR’s own Intelligence and Investigation Wing due to the irregular filing pattern of the taxpayer.
The board further clarified that a comprehensive overhaul of the security processes of the IT system was carried out in December 2024. The IT infrastructure of FBR operates under state-of-the-art Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.
All critical servers and data storage facilities are equipped with advanced Endpoint Detection and Response (EDR) solutions and multi-factor authentication mechanisms. In addition, highly advanced logging mechanisms have been deployed, which make it impossible to access the system through any backchannel or make any changes to the core data of FBR without the generation of log in the system.
In this regard, a complete third-party security audit of FBR’s IT system was conducted between January and February 2025, and all critical vulnerabilities have already been patched. A key workflow modification was introduced in May 2025, which generated a QR code-based authentication that was temporarily discontinued following requests received from tax bar associations.
Despite all the above-mentioned security features and mechanisms in place, the board said, taxpayers were strongly advised, in their own interest, to avoid setting passwords that are easy to predict, such as those containing their name or date of birth.
They are also advised to use multiple combinations of alphanumeric and special key combination of passwords, avoid setting the same password across multiple platforms, and to keep their passwords secure as no security system can detect the theft of a password or misuse of a stolen passwords.