ISLAMABAD: The Federal Tax Ombudsman (FTO) has issued a stern warning over critical vulnerabilities in the Federal Board of Revenue’s (FBR) IT infrastructure, highlighting the system’s susceptibility to cyberattacks, unauthorized transactions, and data manipulation.
According to the FTO order released on Friday, the system appears to be under the control of cybercriminals, who can operate without leaving a trace. The repeated hacking of a taxpayer’s ID password, most recently in July 2025, underscores potential insider involvement, particularly from the Pakistan Revenue Automation Limited (PRAL).
The FTO report identified severe weaknesses, including compromised data integrity, weak internal controls, inadequate safeguards against tax fraud, lack of system alerts for unusual activity, and unauthorized changes in taxpayer profiles to facilitate fake transactions. Evidence also suggests possible collusion between taxpayers and FBR/PRAL employees.
To address the issue, the FBR will direct Chief Commissioners and Commissioners of Regional Tax Offices in Lahore, Karachi, Gujranwala, Peshawar, Multan, Islamabad, Quetta, and Sialkot to initiate legal proceedings against those benefiting from tax fraud. The instructions follow the Sales Tax General Order No.12 of 2023, which outlines procedures to tackle fake invoices and fraudulent transactions.
The FTO also called for intensified efforts by the Director General of I&I-IR and the DG IT to apprehend masterminds, including Shiraz Ahmed and Niaz Ahmed, and any other cybercriminals, including potential insiders from PRAL. Measures will also be taken to stop the continuous hacking of the complainant’s ID so business operations can resume normally.
The FBR has been directed to submit a detailed report within 60 days to the FTO on actions taken to secure the system and prevent further breaches.
