A major cyber intrusion into Pakistan’s tax system has been uncovered by the Federal Tax Ombudsman, revealing fraudulent adjustments to input tax credits amounting to Rs. 74.8 million through unauthorized access to a taxpayer’s IRIS profile.
According to official findings, unidentified individuals gained illegal access by misusing login credentials and altered the sales tax return for October 2025. The breach involved the insertion of fake supplies worth Rs. 415.6 million, effectively wiping out the taxpayer’s entire carry-forward input tax credit.
The affected taxpayer filed a complaint seeking an independent inquiry, removal of fake invoices, restoration of tax credit, and legal action against those responsible.
Investigations indicate the fraud was part of a broader organized network, with suspected facilitation by individuals linked to the Federal Board of Revenue and Pakistan Revenue Automation Limited.
Authorities found that cybercriminals exploited data from dormant and blacklisted taxpayers, as well as accounts holding large accumulated credits, to insert fraudulent transactions into the system.
The activity has been traced across multiple cities, including Karachi, Lahore, Multan, Quetta, and Islamabad, with several beneficiaries already identified for legal proceedings.
The ombudsman termed the incident as maladministration and directed the Directorate General of Intelligence and Investigation (Inland Revenue) to conduct a comprehensive probe using digital evidence, including IP tracking, to identify those involved both within and outside official institutions.
Tax authorities nationwide have been instructed to coordinate efforts to trace the fraudulent supply chain and ensure enforcement action.
Meanwhile, the IRIS Business Process Reengineering team has been tasked with recommending system upgrades, including stronger controls on credential changes, biometric verification, and enhanced supervisory checks.
The Federal Board of Revenue has been directed to submit a compliance report within 60 days, detailing progress on the investigation and steps taken to prevent similar breaches.
The case has raised serious concerns over vulnerabilities in Pakistan’s digital tax infrastructure, highlighting the urgent need for stronger cybersecurity safeguards and oversight mechanisms.
