• Civil Society group highlights IRD website lacks a Security Sockets Layer 
• Claims vulnerability could expose website and citizen’s data open to security threats such as cyber attacks
• Asks IRD for clarification regarding absence of an SSL and information on measures taken to ensure data security 

The Citizen’s Collective, a civil society group, expressed serious concerns about the security of data on the Inland Revenue Department’s website in a written communication sent yesterday.

The organisation noted that on observation it found that the Department’s website http://www.ird.gov.lk lacks a Security Sockets Layer (SSL), an encryption-based Internet security protocol. 

The group highlighted that this vulnerability could expose the website to various security threats, including cyber-attacks such as Man-in-the-Middle attacks, where an attacker could interact with users while posing as the Inland Revenue Department.

The organisation highlighted that implementing an SSL is crucial as the website not only provides tax information but is now actively facilitating the tax registration of citizens. It also noted an SSL is also vital to safeguard sensitive data and maintain public trust. 

The group urged the Department to provide clarification regarding the absence of an SSL and to outline the measures taken to ensure the security of citizens’ data.

The security concern has been raised at a critical time as the Government has mandated individuals over the age of 18 to register with the Inland Revenue Department and obtain a Tax Identification Number (TIN) before 1 February. 

Taxing confusion

Inland Revenue gets new Commissioner General