FBR Refuses Claims of IT System Breach

ISLAMABAD: The Federal Board of Revenue (FBR) has categorically denied recent media reports alleging a collapse or compromise of its IT system, asserting that the claims stem from a misunderstanding of a Federal Tax Ombudsman (FTO) order.

In a statement issued on Tuesday, the FBR clarified that no cyberattack or system breach had occurred, and that the reported incident was limited to a security lapse on the taxpayer’s end. The authority explained that the complainant’s password had been compromised and misused, without any intrusion into FBR’s databases or systems. The irregular activity was first detected by FBR’s Intelligence and Investigation Wing, which identified anomalies in the taxpayer’s filing history.

The FBR noted that it had already completed a comprehensive upgrade of its IT security infrastructure in December 2024. Its systems are protected by state-of-the-art technologies, including Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), as well as Endpoint Detection and Response (EDR) tools, supported by multi-factor authentication and detailed system logs.

A third-party cybersecurity audit conducted in early 2025 also verified and patched any potential vulnerabilities. The FBR added that a QR code-based authentication mechanism, introduced in May 2025 to strengthen login security, was temporarily suspended following feedback from tax bar associations.

Advising taxpayers to safeguard their personal login credentials, the FBR urged the use of strong, unique passwords and avoidance of easily guessable details like names or birthdates. “No system can prevent the misuse of a stolen password,” the authority cautioned, underscoring that the incident was unrelated to any internal weakness.

Reaffirming its commitment to maintaining a secure digital infrastructure, the FBR stated that allegations of cybercriminals controlling its systems were “baseless and misleading.”

The clarification follows a statement by the FTO over the weekend, which claimed that the FBR’s IT systems had been compromised, alleging unauthorized access to passwords, manipulation of tax data, and filing of fake returns.