The South African Revenue Service (Sars) and the Office of the Tax Ombud (Oto) have expressed concern over growing reports of hijacked e-filing profiles, saying they are working closely to protect taxpayers and maintain the integrity of the country’s tax system.
In a joint statement issued on Friday, 26 September, SARS and the Oto responded to a recent Sowetan article highlighting an increase in cybercriminals targeting taxpayer profiles and resulting in financial losses.
The institutions noted that at the time of publication, the Oto’s draft report had not yet been released for public comment and that the article contained “a number of factual inaccuracies.”
The organisations emphasised their distinct but complementary roles in South Africa’s tax administration. They are established in law to fulfil distinct yet mutually reinforcing roles for the sole benefit of taxpayers and the tax finance system for the country.
“Sars not only respects but considers the role of the Oto as an indispensable partner to ensure the functioning of the tax ecosystem is fair and beyond reproach. In this regard, Sars has and continues to work hard to address whatever complaints that have been laid with the OTO,” the statement read.
The statement also emphasised that the two institutions play a paramount role in the functioning of tax administration. Each institution respects the other’s mandate, while both being the cornerstone for the fiscal integrity of South Africa's tax ecosystem.
The Oto will release its draft report on 1 October 2025, following extensive engagement with all stakeholders.
Rising cybercrime risks
The OTO has been investigating compromised taxpayer profiles for more than a year, after receiving numerous complaints from both individuals and tax practitioners.
“In today’s digitally interconnected environment, cybersecurity risks have escalated dramatically, posing significant threats to individuals, businesses, and institutions.
“As personal and financial transactions increasingly migrate online, malicious actors exploit vulnerabilities in authentication protocols, data-sharing mechanisms, and user behaviour to perpetrate identity theft, fraud, and unauthorised system access. Even routine activities, such as accessing tax platforms or updating banking details, have become potential gateways for exploitation,” the statement said.
It added that Sars, as the custodian of revenue collection and refund payments, is a prime target for cybercriminals exploiting vulnerabilities in online systems.
Cooperation and security measures
Sars and the Oto stressed that they maintain a cooperative relationship, with a shared goal of restoring public confidence in the e-filing system.
Sars said it continues to enhance security protocols to mitigate risks and urged taxpayers to remain vigilant by safeguarding login details and reporting suspicious activity through official channels.
“The release of the Oto’s draft report has been delayed, allowing Sars to provide detailed input on preliminary findings, ensuring a comprehensive and balanced analysis.
“Whilst consultations have been extensive between the parties, parts of the draft may still carry areas of difference, which is to be expected in any review of this nature. This cooperative approach aims to strengthen the report’s recommendations and foster meaningful improvements,” the statement added.
