October 29, 2025 (MLN): The Federal Board of Revenue (FBR) has strongly refuted reports circulating in print and electronic media claiming that its IT system has been compromised or taken over by cybercriminals, terming such news as “misleading and factually incorrect.”
FBR clarified that the reports stemmed from a misinterpretation of an order issued by the Federal Tax Ombudsman (FTO), according to the press release issued.
It also emphasized that the alleged data breach was due to negligence on the part of an individual taxpayer, not a flaw in FBR’s IT system.
“The password of the complainant was in the custody of the taxpayer and was misused due to a security lapse at their end, not because of any breach in FBR’s system,” the statement said.
The irregular filing activity was, in fact, detected by FBR’s own Intelligence and Investigation Wing, it added.
FBR further noted that a comprehensive security overhaul of its IT system was completed in December 2024, equipping it with state-of-the-art cybersecurity tools, including Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Endpoint Detection and Response (EDR) solutions, and multi-factor authentication.
Additionally, a third-party security audit conducted in early 2025 found no critical vulnerabilities, all of which have since been patched.
A QR code-based authentication system was also introduced in May 2025 to further enhance user security, though it was later paused temporarily upon requests from tax bar associations.
FBR advised taxpayers to adopt strong password practices by avoiding easily predictable passwords and not reusing them across multiple platforms.
“No system can prevent the misuse of a password that has been willingly shared or carelessly handled,” the authority warned.
The tax authority reaffirmed that its digital infrastructure remains fully secure and operational, dismissing all claims of a system collapse as baseless.
Large Scale Manufacturing (LSM)