FT
Friday Nov 08, 2024
Thursday, 4 January 2024 03:02 - - {{hitsCtrl.values.hits}}
The Citizen’s Collective, a civil society group, expressed serious concerns about the security of data on the Inland Revenue Department’s website in a written communication sent yesterday.
The organisation noted that on observation it found that the Department’s website http://www.ird.gov.lk lacks a Security Sockets Layer (SSL), an encryption-based Internet security protocol.
The group highlighted that this vulnerability could expose the website to various security threats, including cyber-attacks such as Man-in-the-Middle attacks, where an attacker could interact with users while posing as the Inland Revenue Department.
The organisation highlighted that implementing an SSL is crucial as the website not only provides tax information but is now actively facilitating the tax registration of citizens. It also noted an SSL is also vital to safeguard sensitive data and maintain public trust.
The group urged the Department to provide clarification regarding the absence of an SSL and to outline the measures taken to ensure the security of citizens’ data.
The security concern has been raised at a critical time as the Government has mandated individuals over the age of 18 to register with the Inland Revenue Department and obtain a Tax Identification Number (TIN) before 1 February.