KTBA urges FBR to secure data centre from hacking

KARACHI: Lamenting the weaknesses in the Federal Board of Revenue (FBR) systems and hacking of taxpayers’ data, tax practitioners on Monday urged to take all necessary steps in association with other regulators to avoid such a breach in future.

The Karachi Tax Bar Association (KTBA) in a statement reminded that only a couple of months ago, system-based bulk notices were issued mechanically under section 122(5) of the Income Tax Ordinance, 2001 in a compromising manner. The issue was highlighted back then as well and the current situation confirms that there were vulnerabilities that allowed “external tinkering in the system”, it noted.

It has been pointed out time and again that the information technology equipment as well as some of its software were not up to date; however, the FBR did not upgrade its system.

FBR’s data centre Pakistan Revenue Authority Limited (PRAL) weathered a vicious cyber-attack last weekend. Top FBR officials claimed that the tax regulatory authority recently experienced phishing attack by hackers at its main data centre located at the PRAL, “but the cyber-criminals failed to make any breakthrough”.

Expressing concerns regarding the data compromise, the KTBA said, “It goes without saying that the data contains sensitive information comprising personal and business information, including but not limited to IBANs, CNIC, date of birth, passport, which in many ways are associated with taxpayers’ banks (both individual and business accounts) and other DFIs both domestically and internationally.”

Reiterating further, the association pointed out that the hosting and archiving of such sensitive data on cloud with a casual approach not only compromised the sovereignty of Pakistan, but could also result in grave consequences for taxpayers, domestically and internationally, both.