Syed Saif Ul Hassan 
Oct 29, 2025
A policeman walks past the Federal Board of Revenue (FBR) office building in Islamabad on August 29, 2018. — Reuters
Days after a warning from the Federal Tax Ombudsman (FRO) and a wave of reports alleging that the Federal Board of Revenue's (FBR) IT system was under the control of cybercriminals, the board has denied these claims, calling them “misleading”.
The national revenue board explained that the reports about the IT system collapse were driven by the misinterpretation of FTO's order.
It was also clarified that FBR's IT infrastructure remains fully secure and fully operational. “All critical servers and data storage facilities are equipped with advanced Endpoint Detection and Response (EDR) solutions and multi-factor authentication mechanisms,” read an official FBR statement.
Responding to media reports churned out by multiple news outlets, the FBR explained that the misuse of a taxpayer’s password was not a breach of the FBR’s system, but rather a lapse on the taxpayer’s part.
The password was never obtained from the FBR database, and the irregular activity was first detected by the FBR’s own Intelligence and Investigation Wing.
The revenue authority emphasised that it has recently overhauled its IT security processes, deploying state-of-the-art Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems.
All critical vulnerabilities identified in a third-party security audit conducted earlier this year have been patched, the FBR added.
The tax authority also urged taxpayers to use strong, unique passwords and avoid easily predictable combinations, such as names or dates of birth, to further enhance their own security.
By clearing the air around its purportedly hacked IT system, the FBR reiterated its commitment to maintaining the highest standards of cybersecurity and transparency to ensure that its systems are protected against unauthorised access and cyber threats.
