The South African Revenue Service (SARS) and the Office of the Tax Ombud (OTO) have jointly refuted media claims that thousands of eFiling profiles have been hijacked by cybercriminals, resulting in taxpayers losing their refunds.
A report published by the Sowetan on Friday alleged that SARS systems were increasingly vulnerable to cyberattacks, with up to 16,000 taxpayer profiles compromised. However, in a joint statement issued on Monday, SARS and the OTO dismissed the report as containing “a number of factual inaccuracies.” These issues, they said, would be addressed in full when the Tax Ombud’s official report into eFiling profile hijackings is released on Wednesday, 1 October.
The upcoming report follows a formal request made by the Tax Ombud in August 2024 to Finance Minister Enoch Godongwana for authorisation to investigate possible systemic failures at SARS in handling compromised tax profiles. This came after a wave of complaints from taxpayers and industry stakeholders in June 2024.
While denying the scale of the hijackings suggested by the media, both SARS and the OTO acknowledged that compromised tax profiles are a legitimate concern and have been under investigation for more than a year.
In February 2025, the OTO invited taxpayers and tax practitioners to participate in a survey aimed at understanding the extent of the issue. The findings were initially due to be released in July, but SARS Commissioner Edward Kieswetter requested additional time to respond to the preliminary report. An extension was granted, pushing publication to 1 October.
SARS and the OTO conceded that the shift towards digital tax services has introduced new vulnerabilities, particularly around identity authentication and the sharing of sensitive information.
“Even routine activities such as accessing tax platforms or updating banking details have become potential gateways for exploitation,” they said, noting that cybercriminals are becoming more sophisticated in their methods.
Concerns around cybersecurity are not isolated to SARS. Several other government departments and agencies have experienced breaches in recent years. In July 2025, TechCentral reported that malware was discovered in the National Treasury’s IT systems—believed to be linked to a global Microsoft SharePoint vulnerability. Other entities such as the State Security Agency, the Companies and Intellectual Property Commission, and the Government Employees Pension Fund have also suffered cyber intrusions in the last two years.
To improve the government’s cyber resilience, the Democratic Alliance has proposed a private members’ bill to establish a centralised Cyber Commission. The proposed body would coordinate cybersecurity efforts across government and the private sector, streamlining response strategies and improving threat detection.
“We respect that the final report by the ombud will soon be made public,” said SARS Commissioner Kieswetter. “SARS remains committed to ensuring the highest levels of integrity and protection for taxpayers who use its digital platforms.”
While the full scope of eFiling profile hijackings remains to be clarified, the pending report is expected to offer a clearer picture of how serious the problem is—and what steps SARS is taking to prevent further exploitation of its systems.
Main Image: Sunday Independent
