Cyber Incident Victim: Indian Revenue Service
Date: Feb 2016
Location: India
Summary
The official website of the Indian Revenue Service was compromised by suspected Pakistan-based hackers, who defaced the portal with pro-Pakistan messages and rendered it inaccessible. The attackers posted phrases including "Pakistan Zindabad" and claimed responsibility as a Pakistani cyber team, prompting the site to display a maintenance notice. Technical teams reported the breach to India's national cybersecurity agency CERT-In and initiated a security audit, confirming no sensitive data was stored on the affected platform, which primarily facilitated communication between tax authorities and field offices.
Description
On February 6, 2016, suspected Pakistan-based hacking groups compromised the official Indian Revenue Service (IRS) website (http://www.irsofficersonline.gov.in), which served as a communication platform between the Central Board of Direct Taxes and Income Tax department field offices across India. The attackers defaced the portal early Saturday morning, rendering it inaccessible to users. They posted messages including "Pakistan Zindabad" and "we are team Pak cyber attacker," indicating both the origin and motivation behind the intrusion. The website administrators replaced the compromised content with a maintenance notice stating, "We'll be back soon! Sorry for the inconvenience but we're performing some maintenance at the moment." Officials confirmed the hack disrupted official communications but emphasized no sensitive or classified information resided on the compromised URL, as the portal primarily facilitated operational coordination rather than storing confidential data.

The technical team responsible for the IRS portal immediately notified India's Computer Emergency Response Team (CERT-In), the national agency tasked with addressing cybersecurity threats including hacking and phishing attacks. A comprehensive security audit was initiated to assess vulnerabilities and reinforce the portal's defenses. Authorities maintained transparency about the breach's limited scope, clarifying that the attack only affected the public-facing website component and did not penetrate deeper departmental systems or databases. The incident highlighted risks to government web assets, prompting heightened scrutiny of external-facing infrastructure. Restoration efforts focused on eliminating malicious code and verifying system integrity before returning the portal to operational status, with no reports of data exfiltration or secondary compromises identified during the investigation.
