The Internal Revenue Commission PNG (IRC) recently experienced a sophisticated ransomware attack, causing two weeks of disruption. IRC Commissioner General Sam Koim stated that despite significant cybersecurity upgrades, the attack occurred, highlighting the evolving nature of cyber threats. Mr. Koim said that for strategic reasons, IRC prioritized containment, recovery, and security enhancements before public disclosure. “The good news is:

• SIGTAS (core tax system) is secure and fully operational
• Email network restoration is progressing well
• Revenue transfers to WPA continued without disruption

Our robust business continuity plan ensured minimal impact on tax administration. IRC remains committed to strengthening cybersecurity and protecting taxpayer data,” Mr. Koim added. He said that on January 28, the IRC experienced a ransomware attack that disrupted their network and email systems. “As part of our strategic response, we focused on containment and recovery efforts before formally disclosing the nature of the incident, though we had already informed the public of a system outage." "We want to reassure all taxpayers that our core tax systems, SIGTAS has been restored and is secure. We also want to assure our key stakeholders and services providers whose systems are interoperable with the IRC that there was no impact to the integration or functionality of these systems." "All data exchanges, transactions and communications between our systems and those of our partners have remained secure and uninterrupted throughout this incident." "Upon detecting the breach, we immediately activated our incident response protocols and engaged KPMG, a globally recognized firm to conduct a comprehensive forensic investigation and assist with remediation." Mr. Koim stated that as Papua New Guinea's tax administration aspiring to become a robust and modern tax administration, safeguarding taxpayer information remains their fundamental responsibility. “We have therefore proactively invested in strengthening our cybersecurity infrastructure, including an independent cyber security assessment and penetration test in 2022 that guided significant security measures in place." We are making steady progress in restoring full functionality across our systems. Our SIGTAS system is fully operational since early last week, with controlled access by a critical team,” Mr. Koim said. He added that this security incident resulted in two weeks of disruption, but their response has been managed effectively with data security as their highest priority.