Islamabad, October 24, 2025 – The Federal Tax Ombudsman (FTO) has sounded a serious alarm over the Federal Board of Revenue’s (FBR) weak cybersecurity systems, revealing that hackers may have gained repeated unauthorized access to taxpayers’ confidential data.
According to the FTO’s findings in Complaint No. 2551/KHI/IT/2025, filed by Muhammad Shoaib Lakhani, proprietor of M/s Safa Steel, cybercriminals repeatedly hacked his FBR portal ID and password, altered sales tax returns, deleted original invoices, and inserted fake entries worth millions of rupees.
The case exposed a shocking reality — cybercriminals allegedly filed fake sales tax returns multiple times between August 2024 and July 2025, manipulating business profiles, adding bogus firms, and causing heavy financial losses to the taxpayer. Despite password changes, the hackers continued breaching the system every month.
The FTO’s investigation, supported by the Directorate of Intelligence & Investigation–Inland Revenue (I&I-IR), traced the cybercriminal network to Kanganpur, District Kasur, identifying individuals — including a tax consultant and registered income tax practitioner — as part of the operation. One suspect, Usman Ali, was arrested, while another, Shiraz Ahmed, is wanted in multiple tax fraud cases across Pakistan.
The Ombudsman’s report also warned that insider involvement within FBR and PRAL (Pakistan Revenue Automation Ltd.) could not be ruled out. It described FBR’s IT infrastructure as being under “the complete control of cybercriminals,” with vulnerabilities allowing data manipulation, fake filings, and unauthorized changes.
The FTO directed FBR to strengthen cybersecurity protocols, prosecute involved officers, and submit a compliance report within 60 days.
Disclaimer: The above findings are based on the official FTO report and are subject to further investigation.