FBR denies alleged IT system vulnerability amid cybersecurity concerns

Tax body refutes claims of a system collapse, citing security lapses on the taxpayer's end; assures the public of robust cybersecurity measures.

The Federal Board of Revenue (FBR) has strongly refuted recent reports circulating in both print and electronic media, which claim that the entire FBR IT system has collapsed and fallen under the control of cybercriminals. In a statement issued on Tuesday, the FBR clarified that these claims were misleading and misinterpreted an order issued by the Federal Tax Ombudsman (FTO).

The tax authority explained that the issue arose from a security lapse on the part of the taxpayer involved in the case, where the complainant’s password was compromised. FBR emphasised that the password was in the possession of the taxpayer and was misused without any involvement of the FBR IT system or its database. The discrepancy was initially identified by FBR’s Intelligence and Investigation Wing after detecting irregularities in the taxpayer’s filing pattern.

Further clarifying the situation, the FBR confirmed that a comprehensive overhaul of its IT security processes had already been implemented in December 2024. The FBR operates under advanced cybersecurity systems, including Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) tools. 

Additionally, critical servers and data storage are protected by advanced Endpoint Detection and Response (EDR) solutions, multi-factor authentication, and extensive logging mechanisms, making unauthorized access nearly impossible.

A third-party security audit conducted earlier this year, in January and February 2025, identified and patched any potential vulnerabilities, reinforcing the robustness of FBR’s IT infrastructure. A QR code-based authentication system was also introduced in May 2025 but was temporarily discontinued in response to requests from tax bar associations.

The FBR also took this opportunity to advise taxpayers on best practices for securing their personal accounts. It urged taxpayers to avoid easily guessable passwords, such as those containing personal information like names or birthdates. The FBR also recommended using alphanumeric combinations and unique passwords for different platforms, as no security system can fully prevent the misuse of a stolen password.

The FBR reiterated its commitment to maintaining a secure and robust IT infrastructure, emphasizing that any issues arising from compromised taxpayer credentials are not a reflection of vulnerabilities within the FBR’s own systems.

On Saturday, the FTO revealed a startling security breach within the FBR’s IT system, claiming that the entire system is under the control of cybercriminals. The FTO’s order highlighted serious vulnerabilities, including unauthorized access to passwords, manipulation of tax data, and unauthorized filing of returns.
