Auditor General Orders FBR to Explain Why it Got Hacked. According to an AGP report on the FBR website hack. the agreement between the FBR and Pakistan Revenue Automation Limited (PRAL) provides for “data security”. PRAL will not share FBR data with any other department, agency or tax practitioner. Additional system security and access control policies and procedures applicable to the Services will be developed in accordance with standard data governance rules. In the event of an actual or threatened breach of FBR’s data security. including firewall breach, PRAL will fully cooperate with FBR to secure the data. Firewalls and security certifications for listed applications must be kept up to date at all times. Security certification purchased for FBR applications should not be used for any other commercial venture undertaken by PRAL.
Auditor General Orders FBR
During the audit of the accounts of the Chief Executive Officer PRAL Islamabad for the financial year 2020-21. It was observed that there was a massive malfunction in the FBRKE e-portal across Pakistan as all applications including Inland Revenue Information System (IRIS). Integrated Tax Management System (ITMS), Weboc, One Customs etc. were hacked.
It may be mentioned that during the year ended 30 June 2021 Rs.990.00 million was spent on equipment.it assets provided by FBR and services provided by PRAL.
Apart from the eq in view of PRAL. The audit observed that PRAL could not maintain an adequate and efficient system despite adequate funds provided by FBR. As per data security agreement between FBR and PRAL. It was agreed that firewall and security certification for FBR applications should be kept updated at all times. PRAL stated that the data center had adequate firewalls which prevented data theft by hackers. However, improvements and system upgrades were ongoing.Auditor General Orders FBR to Explain.
The AGP emphasized that the fact-finding report prepared by the committee. Verified by the member IT regarding the massive breach of the FBR’s DE portal. Progress on system upgrades may also be submitted for audit. Under notification to AGP.