The Federal Tax Ombudsman (FTO) has issued a serious and unusual warning to the Federal Board of Revenue (FBR), claiming that cybercriminals may have gained deep and alarming access to its digital systems. According to the FTO, key weaknesses inside the IT network have made it possible for hackers—and possibly insiders—to manipulate taxpayer data, alter financial records, and carry out fraudulent activities without detection.
This warning has raised major concerns about the safety of taxpayer information and the stability of Pakistan’s tax administration system. If not addressed immediately, these vulnerabilities could lead to long-term damage, financial losses, and a major trust deficit among taxpayers.
A System at Risk
The FTO report reveals multiple flaws that point to a serious breakdown in IT security. It suggests that hackers are not only entering the system but are able to operate inside it without leaving any digital trace. Even more troubling is the possibility that insiders with system access may be supporting these cyber-attacks.
Some of the major issues highlighted include:
-
Unauthorized access to taxpayer IDs
-
Fake transactions and manipulated taxpayer profiles
-
Weak monitoring and poor internal audit
-
Possible collusion between PRAL employees and hackers
-
No alerts for unusual or suspicious activity
Repeated complaints from affected taxpayers also show that ID and password hacking has been happening for months, especially during the July 2025 tax period. Despite efforts to track the attackers, the misuse continued—suggesting that someone within the system might be helping the cybercriminals.
How Cybercriminals Are Exploiting the System
According to the FTO’s findings, hackers were able to:
-
Create and approve fake invoices
-
Change taxpayer profiles without authorization
-
Bypass system alerts or security checks
-
Edit or erase digital trails to hide their activity
The report also pointed out errors in HS code matching and weaknesses in tax reconciliation systems, making it easier for fraudsters to commit tax evasion without being caught.
These flaws pose a serious threat to national revenue collection and could impact the credibility of digital tax services used by millions of citizens.
Legal and Administrative Orders from FTO
To control the situation, the FTO has directed FBR to take immediate and strict action. These directives include:
-
Launching legal proceedings against individuals who benefitted from fake invoices or manipulated entries
-
Enforcing Sales Tax SOPs, especially rules that target flying and fake invoices
-
Investigating why earlier complaints were ignored by relevant officers
-
Taking action against identified cybercriminals, including individuals named in the report
-
Stopping monthly hacking attempts targeting specific taxpayer accounts
-
Submitting a detailed action report within 60 days
The FTO stressed that accountability must start internally. If insiders are involved, they must face investigation and legal consequences.
Possible Consequences if Security Issues Continue
If FBR fails to repair these vulnerabilities, the problems could multiply quickly. Potential risks include:
-
Large-scale financial losses due to tax fraud
-
Legal penalties for negligence
-
Damage to FBR’s reputation and loss of public trust
-
Breakdown of digital tax services across the country
-
Wider exposure to cybercrime targeting citizens and businesses
A compromised IT system means taxpayers’ personal details, financial information, and business transactions could all be at risk.
What FBR Must Do Immediately
The FTO has made it clear that FBR must move quickly and decisively. Key responsibilities include:
-
Strengthening cybersecurity protocols
-
Monitoring PRAL employees with sensitive access
-
Improving internal audits and risk assessments
-
Creating alerts for abnormal taxpayer activity
-
Ensuring transparent action against fraudsters and collaborators
These steps are necessary to restore confidence in digital tax services and protect the national revenue system from further harm.
How Taxpayers Can Stay Safe
While FBR works on its internal reforms, taxpayers are advised to take simple precautions:
-
Regularly check their tax profiles for unusual activity
-
Use strong, unique passwords and avoid sharing them
-
Report suspicious login attempts or unauthorized changes
-
Follow FBR’s official announcements regarding security updates
Taking these steps can help reduce individual risks until the system becomes more secure.
Conclusion
The FTO’s warning is a wake-up call for Pakistan’s tax administration. With cybercriminals potentially gaining control over key systems, the situation demands immediate, transparent, and comprehensive action from FBR. Fixing internal weaknesses, strengthening digital security, and investigating insider threats are essential steps to protect taxpayer data and rebuild trust in the system.
FBR now has 60 days to report back on the improvements. The next few weeks will determine whether the system can be secured—or whether the risks will worsen.