A significant breach in the Inland Revenue Department’s (IRD) taxpayer portal has raised concerns over the security of the IT systems of the Government of Nepal. Two employees from a Chitwan-based auditing firm have been arrested by the Central Investigation Bureau (CIB) of Nepal Police for allegedly manipulating tax details of a company by gaining unauthorized access to the system.

The case involves altering a company’s tax record, initially showing Rs 60 million in dues, to an inflated Rs 130 million. The tampering was discovered after the affected company reported discrepancies in their records. Police investigations revealed that the suspects gained access using credentials entrusted to them by another taxpayer, further fueling concerns about how taxpayer information is handled.

This incident has not only spotlighted the misuse of taxpayer credentials but has also intensified scrutiny of the IRD’s IT system. Cybersecurity expert Manohar Bhattarai noted that repeated incidents of unauthorized access across various government platforms indicate systemic vulnerabilities.

“Frequent disruptions in government systems, such as those in the Department of Passports, Department of Transport Management, and Department of Customs, demonstrate an urgent need for robust and integrated IT management,” Bhattarai said.

In addition to these breaches, critical services have faced recurring server failures, including at Tribhuvan International Airport's Immigration Office and other major government offices. These failures have led to service disruptions, long queues, and delays for citizens, prompting public frustration.

Despite growing concerns, the Inland Revenue Department maintains that its IT system remains secure and blames taxpayers for failing to safeguard their credentials. “The responsibility to secure usernames and passwords lies entirely with taxpayers,” said IRD Director-General Ram Prasad Acharya. He further claimed that unauthorized access occurred due to taxpayers’ negligence rather than system flaws.

However, critics argue that the breach reflects deeper vulnerabilities in the government’s IT infrastructure. “Unauthorized individuals accessing sensitive portals underscores the need for a reassessment of IT security protocols,” experts warned.

The IRD breach is part of a broader issue affecting government’s IT systems. Similar incidents, including server outages at the Department of Passports, Department of Customs, and local administrative offices, have exposed the fragility of the country’s digital infrastructure.

As Nepal continues its journey toward digitization, experts urge the government to invest in advanced cybersecurity measures, staff training, and integrated IT management systems to protect sensitive data and ensure uninterrupted public services.