ISLAMABAD: The Federal Board of Revenue (FBR) has yet not taken any action against concerned officials of the Pakistan Revenue Automation Limited (PRAL), who were directly responsible for taxpayer’s data security or assigned for data protection at the FBR’s Data centres.
Sources told Business Recorder that the CEO PRAL had already resigned in first week of August before the cyber-attack on the FBR website, whereas, former chairman FBR Asim Ahmad was removed from the FBR.
However, the actual officers responsible for the data security of the FBR were working in the PRAL. It is reliably learnt that the officials primarily responsible for such kind of security are still working on the same positions and no action has been taken against them.
The concerned PRAL officials have committed serious violations of laid down protocols. The Federal Tax Ombudsman (FTO) has already ordered an investigation into the matter of cyber-attack on the FBR’s website and hacking of confidential/classified data of FBR web-portal.
In this connection, the FTO office has issued a notice to the FBR. According to the FTO, the notices were served to secretary Revenue Division; CEO, Pakistan Revenue Automation Limited (PRAL) and FBR Member (IT) to submit their replies to the said allegations/issues by the given deadline.
According to details, a tax lawyer, a public interest complaint was filed against the FBR/PRAL key position holders, Asim Ahmad, former Chairman FBR & Member (IT), Sajidullah Siddiqui, former Member (IT) and Muhammad Gohar Ahmed Khan, CEO PRAL, contending that either FBR/PRAL official (principal custodian of taxpayer confidential/classified financial record/data) are professionally incapable of protecting the secrecy of Pakistan’s taxpayers’ record or this debacle is the result of the connivance of PRAL employees.
When contacted Waheed Butt told this correspondent that cyber-attacks on key data websites, data and data centres of FBR/PRAL pose a threat that can undermine the security capabilities of the state.
It can cause significant economic damages including ongoing crucial CPEC activities. It has been accused that the mastermind of this nefarious move and their collaborators including public servants working in FBR/PRAL, if any, must be removed from services and criminal cases must be registered against them who failed to provide security to the confidential/classified data of taxpayers of Pakistan.
The complainant also accused that the concerned authorities were buying shoddy computer softwares and using pirated versions. The FTO notice stated: The FBR is the largest database that carries information on trillions of rupees transactions, details of wealth and income and expenditures of its citizens. It also has detail about their various personal and business transactions due to various types of withholding taxes that are being deducted on these transactions.
Recently, FBR has succumbed to a cyber-attack and its officer website, IRIS system and other critical tools remained non-functional. Thus confidential/classified data of FBR Web-portal has been hacked/ attacked by hackers/blackmailers, bringing down all the official websites operated by FBR/PRAL and badly exposing taxpayers’ confidential data. This is being attributed to neglect, inattention, delay, incompetence and ineptitude of FBR’s functionaries, in the administration or discharge of duties and responsibilities.
It is not the first time that the FBR data went under attack.
A similar unsuccessful attempt was made in March 2020. Despite knowing the vulnerabilities in their system, the FBR did not bother to make special arrangements to secure their systems, the FTO order stated.
The said incident revealed that either FBR/PRAL officials (custodian of taxpayer confidential/classified record) are professionally incapable of protecting the secrecy of Pakistan’s taxpayers’ record or this debacle is the result of active/passive connivance of PRAL employees, the FTO notice concluded.
Copyright Business Recorder, 2021