The “casual approach” of Pakistan’s Federal Board of Revenue (FBR) in hosting information on the cloud not only compromises the country’s sovereignty but could also have grave consequences for taxpayers, both domestically and internationally, according to tax practitioners.
The Karachi Tax Bar Association (KTBA) comments are part of the fallout from a mid-month breach of computer systems at the government’s revenue-collecting service.
A phishing attack reportedly knocked all of the FBR’s official websites out of action for more than 72 hours and caused some problems in the system for declaring imported goods.
The attack was on the FBR’s data centre. “The cyber-criminals failed to make any breakthrough”, The News International newspaper quoted the FBR as saying.
But the KTBA, whose members are accountants, tax consultants and lawyers, is concerned about compromise of individuals’ sensitive data such as date of birth, passport and banking details.
The association urged the FBR to take all necessary steps to avoid a repeat of the incident.
Two years ago the World Bank allocated $80m (€62m) for a loan to the revenue service to replace end-of-life equipment and carry out other system upgrades given the risk of critical system failure and disruption of operations.
The project has been delayed and the money not spent, the Express Tribune newspaper reported.
In a status report last June, the World Bank wrote: “In the next six months, it is expected that key activities such as the replacement of end-of-life equipment and update of legacy software as well as the establishment of the data warehouse and business intelligence systems will be well underway.”
The FBR’s data centre is again operational, according to finance minister Shaukat Tarin.
“Yes the system was hacked. But all major systems are now back to normal and no damage has been done to the data,” he said.
“Details about the disruption in the system have been submitted by FBR, which will be verified and augmented by external experts so that this does not happen again.”
PrivSec Global is back for another 2 information-packed days, featuring a series of brand new topics and themes.