ISLAMABAD: The Federal Tax Ombudsman (FTO) has ordered an investigation into the matter of cyber attack on the Federal Board of Revenue's (FBR) website and hacking of confidential/classified data of FBR web-portal. In this connection, the FTO office has issued a notice to the FBR.
According to the FTO, the notices have been served to Secretary Revenue Division; CEO, Pakistan Revenue Automation Limited (PRAL) and FBR Member (IT) to submit their replies to the said allegations/issues by the given deadline.
According to details, a tax lawyer, Waheed Shahzad Butt, filed a public interest complaint against the FBR/PRAL key position holders, Asim Ahmad, former Chairman FBR & Member (IT), Sajidullah Siddiqui, former Member (IT) & Muhammad Gohar Ahmed Khan, CEO PRAL, contending that either FBR/PRAL official (principal custodian of taxpayer confidential/classified financial record/data) are professionally incapable of protecting the secrecy of Pakistan's taxpayers' record or this debacle is the result of the connivance of PRAL employees.
When contacted Waheed Butt told this correspondent that cyber attacks on key data websites, data and data centres of FBR/PRAL pose a threat that can undermine the security capabilities of the state. It can cause significant economic damages including ongoing crucial CPEC activities. It has been accused that the mastermind of this nefarious move and their collaborators including public servants working in FBR/PRAL, if any, must be removed from services and criminal cases must be registered against them who failed to provide security to the confidential/classified data of taxpayers of Pakistan.
The complainant also accused that the concerned authorities were buying the shoddy computer soft-wares and using pirated versions.
FTO notice stated: "The FBR is the largest database that carries information on trillions of rupees transactions, details of wealth and income and expenditures of its citizens. It also has detail about their various personal and business transactions due to various types of withholding taxes that are being deducted on these transactions.
"Recently FBR has succumbed to a cyber attack and its officer website, IRIS system and other critical tools remained non-functional. Thus confidential/classified data of FBR Web-portal has been hacked/ attacked by hackers/blackmailers, bringing down all the official websites operated by FBR/PRAL and badly exposing taxpayers' confidential data. This is being attributed to neglect, inattention, delay, incompetence and ineptitude of FBR's functionaries, in the administration or discharge of duties and responsibilities."
It is not the first time that the FBR data went under attack. A similar unsuccessful attempt was made in March 2020. Despite knowing the vulnerabilities in their system, the FBR did not bother to make special arrangements to secure their systems, FTO order stated. The said incident revealed that either FBR/PRAL officials (custodian of taxpayer confidential/classified record) are professionally incapable of protecting the secrecy of Pakistan's taxpayers' record or this debacle is the result of active/passive connivance of PRAL employees, says the notice.
Cyber attacks by state and non-state actors on key data websites, data and data centers pose a threat that can undermine the security capabilities of a state. It can cause significant economic damages, FTO notice concluded.