Cyber Incident Victim: Indian State Tax Office

On February 6, 2016, the official web portal of the Indian Revenue Service (IRS)—irsofficersonline.gov.in—was compromised by suspected Pakistan-based threat actors. The attackers rendered the website inaccessible and defaced it with messages including "Pakistan Zindabad" and "we are team Pak cyber attacker." The incident occurred early Saturday, disrupting the platform's function as a communication channel between the Central Board of Direct Taxes and field offices of the Income Tax department nationwide. Visitors attempting to access the site encountered a maintenance notice stating, "We'll be back soon! Sorry for the inconvenience but we're performing some maintenance at the moment," though this message was part of the post-compromise disruption rather than planned upkeep. The breach specifically affected the IRS community portal used by tax officials for administrative coordination.

The technical team managing the website promptly notified India's Computer Emergency Response Team (CERT-In), the national agency responsible for addressing cybersecurity threats. A security audit was initiated to assess vulnerabilities and reinforce the portal's defenses. Officials confirmed no sensitive or classified information resided on the compromised URL, limiting the operational impact to service disruption rather than data exfiltration. Restoration efforts focused on removing malicious content and restoring normal operations, though the exact timeline for full recovery was not disclosed. The incident underscored risks to government web assets and triggered formal coordination between the Income Tax department and national cybersecurity authorities.