Islamabad: The Federal Board of Revenue (FBR) has dismissed claims circulating in media outlets about the supposed vulnerability of its IT system. Contrary to reports suggesting a system collapse and control by cybercriminals, the FBR asserted that these allegations misinterpret an order issued by the Federal Tax Ombudsman.
The FBR clarified that a recent incident involved the misuse of a taxpayer's password, which was in the taxpayer's own custody, rather than a breach of the FBR database. The irregularity was identified by FBR's Intelligence and Investigation Wing, highlighting an issue with the taxpayer's security practices, not the IT system itself.
In response to security concerns, the FBR detailed the measures taken to safeguard its IT infrastructure. A significant security overhaul was completed in December 2024, incorporating advanced Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems. Critical servers are protected by Endpoint Detection and Response (EDR) solutions, multi-factor authentication, and sophisticated logging mechanisms.
A third-party audit conducted earlier in the year confirmed that all critical vulnerabilities were addressed. Furthermore, a QR code-based authentication workflow was implemented, though it was temporarily suspended following requests from tax bar associations.
The FBR emphasized the importance of robust password practices among taxpayers. It advised against using easily guessed passwords and recommended employing complex alphanumeric combinations. Taxpayers were urged to keep passwords secure, as no system can fully prevent password theft or misuse.