Islamabad, October 28, 2025 – The Federal Board of Revenue (FBR) on Tuesday strongly denied reports suggesting a cyber breach of its IT infrastructure, asserting that the Federal Tax Ombudsman’s (FTO) order regarding cyber-security had been misinterpreted by media outlets.
In a detailed press release, the FBR categorically rejected “misleading and exaggerated” claims circulating in print and electronic media, which alleged that its entire digital system had collapsed or fallen under cybercriminal control.
“FBR categorically denies such reports and the incorrect interpretation of the order issued by the Federal Tax Ombudsman,” the statement emphasized, reaffirming that the organization’s IT framework remains secure and fully functional.
To clarify the situation, the FBR explained that the incident cited in the FTO order was related to a specific taxpayer case where the complainant’s password was misused while in their own custody—not extracted from FBR’s database. The security lapse occurred at the taxpayer’s end, not within the tax authority’s systems.
According to FBR, the misuse was initially detected by its Intelligence and Investigation Wing after identifying irregular filing patterns, underscoring the agency’s active monitoring and internal controls.
The board also highlighted that it had undertaken a comprehensive security overhaul in December 2024, upgrading to state-of-the-art Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems. These frameworks continuously monitor, detect, and neutralize potential threats.
Furthermore, FBR noted that all critical servers and databases are protected by Endpoint Detection and Response (EDR) solutions, multi-factor authentication, and advanced logging mechanisms, making it virtually impossible for unauthorized access or data manipulation without traceable activity logs.
A third-party cyber-security audit was also completed between January and February 2025, during which all identified vulnerabilities were patched. Additionally, in May 2025, the FBR introduced a QR code-based authentication mechanism, which was temporarily suspended at the request of tax bar associations to improve user accessibility.
Despite robust protections, the FBR urged taxpayers to adopt stronger password practices, warning that even the most advanced systems cannot prevent the misuse of credentials if passwords are weak or shared. Users are advised to:
• Avoid passwords containing personal details such as names or birthdates,
• Use alphanumeric and special character combinations,
• Refrain from using the same password across multiple platforms, and
• Keep credentials strictly confidential.
Reiterating its commitment to cyber resilience, the FBR assured that Pakistan’s tax data remains fully secure, adding that misleading interpretations of official orders only serve to spread unnecessary panic and misinformation among taxpayers.
