At 12 noon yesterday, the GST Network (GSTN), the IT backbone of the Goods and Services Tax, put out a tweet saying that it had detected "some activity in the cyberspace by unscrupulous elements because of which some taxpayers may have experienced difficulties/delays in accessing the GST portal which otherwise is working fine".
This cryptic tweet hinted towards a possible cyberattack on the GSTN portal, which stores highly sensitive information about 1.25 crore taxpayers, many of which are very large corporations. Yesterday's alleged cyber attack incident raised concerns among many taxpayers on the robustness of the GSTN portal's security system against hacking attempts.
GSTN sources said they detected unusual activity in the portal but they declined any serious concerns. "The portal's eight-layer security system alerts any unusual activity - sometimes multiple logins from the same GST registrant," said a GSTN source.
However, the cyberattack reports have made taxpayers wary of possible leakage of the sensitive database. "GSTN portal is experiencing the strain of cyber-attacks, which has hampered the accessibility and functioning of the portal. Currently, GSTN portal is holding highly price sensitive confidential information about over 12 million taxpayers and this cyber attack could have resulted in the breach of firewalls leading to loss of data," says Rajat Mohan, a partner in CA firm AMRG and Associates.
He further says that state-of-the-art security protocols must be established in GSTN systems, whereby Indian taxpayers are promised data security at all costs.
Pune-based chartered accountant Pritam Mahure says that GSTN portal stores highly sensitive information like details of import, exports, sales, purchases, movement of goods, etc. "Through this data even profit margins, etc can be derived. Given that the data is highly valuable and critical, right from day one, it was expected that unscrupulous elements will try to break in. Given this, it was expected that the portal should have enough controls in place. However, if the data is compromised then it's a matter of grave concern," he says.
Tax experts believe even going forward these kinds of attacks are expected to take place, and hence right measures must be in place to protect such information. Meanwhile, some tax experts have complained that some of the taxpayers' databases are already easily available on payment of a minimal sum.
State-wise taxpayers' information like GSTIN, mobile number, address, type of establishment, etc, are available for as low as Rs 199. A CA shared a sample of such a database with the reporter.
One chartered accountant said that such information is made available for free by GST officers. When asked if it is legal to provide such a database, he said it is unethical and illegal to do so, but they easily pass on the data if asked for.
Also read: Centre may impose 18% GST on bitcoin trading