Karachi, January 7, 2026 – The Federal Board of Revenue (FBR) is facing severe scrutiny after yet another taxpayer reported his account hacked, exposing massive security flaws in the government’s online tax system. The incident, uncovered by the Federal Tax Ombudsman (FTO), highlights critical weaknesses that could threaten Pakistan’s national revenue.
Khurshid Ahmad, the complainant, revealed that his IRIS account has been repeatedly accessed by cybercriminals since January 2025. Fraudsters have allegedly filed fake sales tax returns, manipulated his tax registration profile, and added bogus business names, causing enormous revenue losses. Despite multiple complaints to the FBR chairman and the Federal Investigation Agency (FIA), no corrective action has been taken.
The FTO’s investigation exposed alarming details: the hacker paid only Rs35 in sales tax while generating fake supplies worth Rs249 million between July 2024 and June 2025. Analysis of login data from PRAL showed IP addresses from locations across Pakistan—including Karachi, Lahore, Multan, and Quetta—as well as international addresses in London, Singapore, and Amsterdam, indicating the use of sophisticated VPNs.
“The repeated hacking of the same taxpayer’s ID raises serious concerns about insider involvement and the integrity of the FBR IT system,” the FTO noted. Weak internal controls, inadequate data security, and insufficient safeguards against tax fraud have emboldened unscrupulous taxpayers to exploit the system using fake or flying invoices.
The FTO warned that the current lax enforcement regime has allowed these fraudulent practices to flourish. Beneficiaries have knowingly purchased fake invoices without actual goods movement, evading substantial tax liabilities. The Ombudsman has recommended that the FBR take strict legal action, prosecute culprits, and ensure Chief Commissioners identify other beneficiaries along the supply chain for immediate action.
Experts say the latest case underscores an urgent need for FBR to overhaul its IT security and tighten internal controls to protect taxpayer data and safeguard national revenue.