The Federal Board of Revenue (FBR) has categorically denied recent media reports alleging that its IT system has collapsed and fallen under the control of cybercriminals. In a statement issued Tuesday, the FBR called such claims “misleading” and rejected the misinterpretation of an order issued by the Federal Tax Ombudsman.
The FBR clarified that its IT infrastructure remains secure and fully operational. “All critical servers and data storage facilities are equipped with advanced Endpoint Detection and Response (EDR) solutions and multi-factor authentication mechanisms,” the statement said.
Addressing the specific case cited in the media, the FBR explained that the misuse of a taxpayer’s password was due to a lapse on the taxpayer’s part, not a breach of the FBR’s system. The password was never obtained from the FBR database, and the irregular activity was first detected by the FBR’s own Intelligence and Investigation Wing.
The FBR emphasized that it has recently overhauled its IT security processes, deploying state-of-the-art Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems. All critical vulnerabilities identified in a third-party security audit conducted earlier this year have been patched, the FBR added.
The tax authority also urged taxpayers to use strong, unique passwords and avoid easily predictable combinations, such as names or dates of birth, to further enhance their own security.
The FBR reiterated its commitment to maintaining the highest standards of cybersecurity and transparency, assuring the public that its systems are protected against unauthorized access and cyber threats.