Sars pushes back on eFiling profile hijackings report

The South African Revenue Service (Sars) and the Office of the Tax Ombud (OTO) have dismissed a report that as many as 16 000 eFiling profiles have been hijacked, with taxpayers losing refunds to cybercriminals.

The Sowetan reported on Friday that cybercriminals were increasingly breaching Sars’s systems, raising questions about the security of taxpayer data. But Sars and the OTO said in a joint statement that the article contained “a number of factual inaccuracies”. These, they said, will be clarified when the ombud’s report on eFiling profile hijackings is published this Wednesday, 1 October.

The report stems from an August 2024 request by the ombud to finance minister Enoch Godongwana for permission to investigate systemic failures at Sars in helping taxpayers whose profiles were compromised. The review followed complaints received in June 2024 from taxpayers and industry bodies.

In February this year, the ombud called on taxpayers and representatives to complete a survey to measure the scale of the problem. The report was initially due on 7 July, but publication was postponed after Sars commissioner Edward Kieswetter requested more time to respond to the preliminary findings. An extension was granted until 31 August, pushing publication to 1 October.

Sars and the OTO acknowledged that compromised tax profiles have been under investigation for more than a year. They said the migration to digital platforms has created new opportunities for criminals to exploit authentication and data-sharing vulnerabilities.

“Even routine activities such as accessing tax platforms or updating banking details have become potential gateways for exploitation,” the agencies said.

Government systems have increasingly come under attack in recent years.

Public soon

In July, TechCentral reported that national treasury had discovered malware in its IT systems, possibly linked to a global Microsoft SharePoint vulnerability. Other state entities, including the Companies and Intellectual Property Commission, the State Security Agency and the Government Employees Pension Fund, have also been breached in the past two years.

To address the growing threat, the Democratic Alliance has tabled a private members’ bill in parliament proposing the creation of a centralised Cyber Commission to coordinate defences across government and the private sector.

“We respect that the final report by the ombud will soon be made public,” Kieswetter said. “Sars remains committed to ensuring the highest levels of integrity and protection for taxpayers who use its digital platforms.”  – (c) 2025 NewsCentral Media
