The National Technical Research Organisation (NTRO) has warned that individual Income Tax records can be accessed in an unauthorised manner by outsiders via cyber attacks. Through a letter dated January 17, the NTRO alerted the Central Board of Direct Taxes that income, tax and associated particulars of a tax payee filed electronically could be hacked through PAN card numbers by accessing the latter.
The letter from the NTRO Centre Director S Bhaskar asks the CBDT to take remedial measures to keep the database of individuals private, confidential and secure.
Sources said that with access to PAN card number, phone number and address, all that a hacker would need is the individual’s date of birth to conduct financial transactions — from opening a bank account or a demat account or to invest in a mutual fund.
NTRO, a scientific investigative agency directly under the National Security Adviser, has also pointed out that the IT department’s website www.incometaxindia.gov.in is vulnerable to malicious attacks through SQL and XSS injections.
SQL or Structured Query Language injection is a technique used by a hacker to log in as an administrator and add his own SQL to the site to gain access to confidential information or to change or delete the data that keeps the attacked website running.
Through XSS or Cross Site Scripting attack, malicious codes can be injected to steal session cookies and using them later to gain access to sensitive page content.
Electronic filing of tax returns was started in April 2003 as part of a proposal for web-based electronic tax administration system for service tax.